icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution

High

Synopsis

Arbitrary code can be executed on the remote host through the email client or the email server.

Description

Arbitrary code can be executed on the remote host through the email client or the email server. The remote host is running a version of Outlook that is vulnerable to a bug in the Transport Neutral Encapsulation Format (TNEF) MIME attachment handling routine that may allow an attacker execute arbitrary code on the remote host by sending a specially crafted email.

Solution

Microsoft has released a set of patches for Office 2000, 2002, XP, and 2003.