Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
Microsoft Outlook Express
(5.50, 6.0)
Описание
В приложении Outlook Express существует уязвимость удаленного выполнения кода при использовании файла адресной книги Windows (.wab), которая позволяет воспользовавшемуся ею злоумышленнику получить полный контроль над уязвимой системой.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx
Ссылки
BUGTRAQ (20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability): http://www.securityfocus.com/archive/1/archive/1/430645/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
MS (MS06-016): http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
BID (17459): http://www.securityfocus.com/bid/17459
FRSIRT (ADV-2006-1321): http://www.frsirt.com/english/advisories/2006/1321
SECTRACK (1015898): http://securitytracker.com/id?1015898
OVAL (oval:org.mitre.oval:def:1611): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1611
OVAL (oval:org.mitre.oval:def:1682): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1682
OVAL (oval:org.mitre.oval:def:1769): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1769
OVAL (oval:org.mitre.oval:def:1771): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1771
OVAL (oval:org.mitre.oval:def:1780): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1780
OVAL (oval:org.mitre.oval:def:1791): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1791
OVAL (oval:org.mitre.oval:def:812): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:812
FULLDISC (20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html
XF (outlook-express-wab-bo(25535)): http://xforce.iss.net/xforce/xfdb/25535
http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
MS (MS06-016): http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
BID (17459): http://www.securityfocus.com/bid/17459
FRSIRT (ADV-2006-1321): http://www.frsirt.com/english/advisories/2006/1321
SECTRACK (1015898): http://securitytracker.com/id?1015898
OVAL (oval:org.mitre.oval:def:1611): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1611
OVAL (oval:org.mitre.oval:def:1682): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1682
OVAL (oval:org.mitre.oval:def:1769): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1769
OVAL (oval:org.mitre.oval:def:1771): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1771
OVAL (oval:org.mitre.oval:def:1780): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1780
OVAL (oval:org.mitre.oval:def:1791): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1791
OVAL (oval:org.mitre.oval:def:812): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:812
FULLDISC (20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html
XF (outlook-express-wab-bo(25535)): http://xforce.iss.net/xforce/xfdb/25535