Check Point Reference: | CPAI-2006-113 |
Date Published: | 11 Oct 2006 |
Severity: | High |
Last Updated: | Thursday 03 May, 2007 |
Source: | Microsoft Security Bulletin MS06-043 |
Industry Reference: | CVE-2006-2766; US-CERT VU#891204 |
Protection Provided by: | |
Who is Vulnerable? | Microsoft Windows XP SP2; Microsoft Windows XP Professional x64 Edition; Microsoft Windows Server 2003 SP1; Microsoft Windows Server 2003 SP1 (Itanium); Microsoft Windows Server 2003 x64 Edition; Microsoft Outlook Express 6 on Microsoft Windows XP SP2; Microsoft Outlook Express 6 on Microsoft Windows XP Professional x64 Edition; Microsoft Outlook Express 6 on Microsoft Windows Server 2003 SP1; Microsoft Outlook Express 6 on Microsoft Windows Server 2003 SP1 (Itanium); Microsoft Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition |
Vulnerability Description | Several Microsoft Windows applications are prone to a buffer overflow vulnerability. Microsoft Internet Explorer, Windows Explorer and Outlook Express 6 fail to properly process overly long MHTML URLs. MHTML is an Internet standard that defines the MIME structure used to send HTML content in e-mail message bodies. It also extends HTML to embed encoded objects in the HTML document. A remote attacker can exploit this vulnerability to crash the affected application or to execute arbitrary commands. |
Update/Patch Available | Apply patches: Microsoft Security Bulletin MS06-043 |
Vulnerability Details | This vulnerability is due to a flaw in the Microsoft Internet Messaging library "inetcomm.dll". By convincing a user to visit a specially crafted web page or open a malicious e-mail message or HTML file, an attacker can execute arbitrary commands or cause the application to crash. |
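
A defender-side check for the condition described above, added here as an example and not taken from the Check Point advisory or the Microsoft bulletin: it flags `mhtml:` URLs above a length limit in HTML content or in the HTML parts of an e-mail message. The 512-character limit, the attribute list and all function names are assumptions; the advisory gives no length figure.

```python
import email
from email import policy
from html.parser import HTMLParser

# Assumption: the advisory gives no length figure; tune this limit locally.
MAX_MHTML_URL_LEN = 512
URL_ATTRS = {"href", "src", "data", "action", "background", "codebase"}

# Constructed sample: one ordinary mhtml: link and one padded to 629 chars.
SAMPLE_HTML = (
    '<a href="mhtml:http://example.invalid/a.mht!b.htm">ok</a>'
    '<img src="MHTML:http://example.invalid/' + "x" * 600 + '">'
)


class _UrlCollector(HTMLParser):
    """Collect (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value.strip()))


def scan_html(html, limit=MAX_MHTML_URL_LEN):
    """Return one finding per mhtml: URL longer than `limit` characters."""
    collector = _UrlCollector()
    collector.feed(html)
    collector.close()
    return [
        {"tag": tag, "attr": attr, "length": len(url)}
        for tag, attr, url in collector.urls
        if url.lower().startswith("mhtml:") and len(url) > limit
    ]


def scan_message(raw_bytes, limit=MAX_MHTML_URL_LEN):
    """Scan every text/html part of an RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(scan_html(part.get_content(), limit))
    return findings
```

A finding is a triage signal for mail gateways or file scanners on hosts that cannot yet be patched; it does not replace applying MS06-043.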