CVE-2006-2386 — Microsoft Outlook Express vulnerability

4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

57.0%

top 1.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook Express

Timeline

PublishedDec 13

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/outlook_express5.5, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-9vx2-5x64-vvp6: Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in↗2022-05-01

▶

CVEList

CVE-2006-2386: Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in↗2006-12-13

▶

💥Exploits & PoCs

Exploit-DB

eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities↗2006-02-14

▶