MS06-003: Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
High Nessus Plugin ID 20390
SynopsisArbitrary code can be executed on the remote host through the email client or server.
DescriptionThe remote host is running a version of Outlook or Exchange containing a bug in the Transport Neutral Encapsulation Format (TNEF) MIME attachment handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email.
SolutionMicrosoft has released a set of patches for Office 2000, 2002, XP, 2003, Exchange 5.0, 5.5 and 2000.