J-Security Center

Title: Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution Vulnerability

Severity: CRITICAL

Description:

Microsoft Exchange Server and Outlook email clients use the Transport Neutral Encapsulation Format (TNEF) when sending Rich Text Format (RTF) messages. Microsoft Exchange Servers send RTF messages in two parts: the text message and a TNEF block containing formatting instructions. The client uses the formatting instructions to properly display the RTF message. This occurs only when an Exchange server is sending the message to a Microsoft email client.

Microsoft Exchange Server and Outlook email clients are prone to a remote code-execution vulnerability. This issue arises due to insufficient boundary checks performed by the applications.

Specifically, this vulnerability presents itself when the applications decode a message containing a specially crafted TNEF MIME attachment. The attacker-supplied message may contain excessive data that could corrupt process buffers and lead to a buffer-overflow condition. Successful exploitation may result in arbitrary code execution facilitating a remote compromise.
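
A boundary-checked walk over a TNEF stream, as an added example that is not code from Juniper, Microsoft or NGSSoftware: it assumes the publicly documented TNEF layout (4-byte signature, 2-byte key, then attributes made of level, ID, length, data and a 16-bit checksum) and rejects any attribute whose declared length does not fit the bytes that remain. It checks structure only and is not a signature for this specific flaw, whose technical details the advisory does not give; walk_tnef, build_attr, the size cap and the sample streams are constructed for illustration.

```python
import struct

TNEF_SIGNATURE = 0x223E9F78  # magic number that opens every TNEF stream
LEVELS = {0x01: "message", 0x02: "attachment"}

def walk_tnef(buf, max_attr_len=16 * 1024 * 1024):
    """Walk TNEF attributes, checking each declared length before slicing.

    Returns (attrs, errors); attrs holds (level, attr_id, length) tuples.
    max_attr_len is an assumed local policy cap, not part of the format.
    """
    attrs, errors = [], []
    if len(buf) < 6:
        return attrs, ["truncated header"]
    sig, _key = struct.unpack_from("<IH", buf, 0)
    if sig != TNEF_SIGNATURE:
        return attrs, ["bad signature 0x%08x" % sig]
    off = 6
    while off < len(buf):
        if len(buf) - off < 9:  # level(1) + id(4) + length(4)
            errors.append("truncated attribute header at offset %d" % off)
            break
        level, attr_id, length = struct.unpack_from("<BII", buf, off)
        off += 9
        if level not in LEVELS:
            errors.append("unknown level 0x%02x at offset %d" % (level, off - 9))
            break
        # The declared length must leave room for the 2-byte checksum too.
        if length > max_attr_len or length > len(buf) - off - 2:
            errors.append("declared length %d exceeds available data" % length)
            break
        data = buf[off:off + length]
        (stored,) = struct.unpack_from("<H", buf, off + length)
        if sum(data) & 0xFFFF != stored:
            errors.append("checksum mismatch in attribute 0x%08x" % attr_id)
        attrs.append((LEVELS[level], attr_id, length))
        off += length + 2
    return attrs, errors

def build_attr(level, attr_id, data, declared=None):
    """Build one attribute; 'declared' lets a sample lie about its length."""
    n = len(data) if declared is None else declared
    return struct.pack("<BII", level, attr_id, n) + data + struct.pack("<H", sum(data) & 0xFFFF)

# Constructed samples: a version attribute (ID 0x00089006), honest vs. inflated length.
HEADER = struct.pack("<IH", TNEF_SIGNATURE, 1)
GOOD = HEADER + build_attr(0x01, 0x00089006, b"\x00\x00\x01\x00")
BAD = HEADER + build_attr(0x01, 0x00089006, b"\x00\x00\x01\x00", declared=0x7FFFFFFF)
```

A mail gateway or triage script can run such a check on attachments typed application/ms-tnef and quarantine any stream that returns errors before a client or server decodes it.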

An attack against Microsoft Exchange Server could lead to a SYSTEM-level remote compromise, while attacks against Outlook would result in arbitrary code execution in the context of the current user.

This issue affects Microsoft Outlook, Microsoft Exchange, and Microsoft Office Multilingual User Interface (MUI) Packs.

NGSSoftware, who are responsible for discovering this issue, have stated that they will be withholding publication of technical details for three months. These details will be published on April 10, 2006.

Affected Products:

  • Microsoft Excel 2002 SP3
  • Microsoft Exchange Server 2000 SP3
  • Microsoft Exchange Server 5.0.0
  • Microsoft Exchange Server 5.0.0SP1
  • Microsoft Exchange Server 5.0.0SP2
  • Microsoft Exchange Server 5.5.0
  • Microsoft Exchange Server 5.5.0SP1
  • Microsoft Exchange Server 5.5.0SP2
  • Microsoft Exchange Server 5.5.0SP3
  • Microsoft Exchange Server 5.5.0SP4
  • Microsoft FrontPage 2002 SP3
  • Microsoft Office 2000 SP3
  • Microsoft Office 2003 SP1
  • Microsoft Office 2003 SP2
  • Microsoft Office XP SP3
  • Microsoft Outlook 2000 0.0.0SP3
  • Microsoft Outlook 2002 0.0.0SP3
  • Microsoft Outlook 2003 0.0.0
  • Microsoft PowerPoint 2002 SP3
  • Microsoft Publisher 2002 0.0.0SP3
  • Microsoft Word 2002 SP3
  • Nortel Networks Optivity Telephony Manager for SL-100
  • Nortel Networks Passport Multiservice Data Manager (MDM)
  • Nortel Networks Self-Service
