Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution
High Nessus Network Monitor Plugin ID 3365
SynopsisArbitrary code can be executed on the remote host through the email client or the email server.
DescriptionArbitrary code can be executed on the remote host through the email client or the email server. The remote host is running a version of Outlook that is vulnerable to a bug in the Transport Neutral Encapsulation Format (TNEF) MIME attachment handling routine that may allow an attacker execute arbitrary code on the remote host by sending a specially crafted email.
SolutionMicrosoft has released a set of patches for Office 2000, 2002, XP, and 2003.