Microsoft Outlook Express Windows Address Book file buffer overflow
| outlook-express-wab-bo (25535) |  High Risk |
Description:
Microsoft Outlook Express is vulnerable to a buffer overflow caused by improper bounds checking of Windows Address Book (.wab) files. A remote attacker could exploit this vulnerability by creating a malicious .wab file and hosting it on a Web site or by sending it to a potential victim as an email attachment. The attacker could use this vulnerability to execute arbitrary code on the victim's system with privileges of the victim, if the victim could be persuaded to open the malicious file using one of the affected applications.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
References:
- Full-Disclosure Mailing List, Tue Apr 11 2006 - 12:53:05 CDT: ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability.
- Microsoft Security Bulletin MS06-016: Cumulative Security Updates for Outlook Express (911567).
- Microsoft Security Bulletin MS06-076: Cumulative Security Update for Outlook Express (923694).
- Microsoft Security Bulletin MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123).
- Microsoft Security Bulletin MS07-056: Security Update for Outlook Express and Windows Mail (941202).
- Microsoft Security Bulletin MS08-048: Security Update for Outlook Express and Windows Mail (951066).
- Microsoft Security Bulletin MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542).
- ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability.
- ASA-2006-079: Windows Security Updates for April 2006 - (MS06-013 - MS06-017)
- BID-17459: Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
- CVE-2006-0014: Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing certain Unicode strings and modified length values.
- SA19617: Outlook Express Windows Address Book File Vulnerability
- SECTRACK ID: 1015898: Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
- VUPEN/ADV-2006-1321: Microsoft Outlook Express WAB Handling Buffer Overflow Vulnerability (MS06-016)
Platforms Affected:
- Microsoft Outlook Express 5.5 SP2
- Microsoft Outlook Express 6.0
- Microsoft Outlook Express 6.0 SP1
- Microsoft Windows 2000 SP4
- Microsoft Windows 2003 Server SP1
- Microsoft Windows 2003 Server Itanium
- Microsoft Windows 2003 Server SP1 Itanium
- Microsoft Windows 2003 Server x64
- Microsoft Windows XP SP2
- Microsoft Windows XP SP1
- Microsoft Windows XP x64 Professional
Reported:
Apr 11, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net