The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Outlook, Exchange: code execution with TNEF

Summary of the vulnerability

An attacker can send an email in TNEF format in order to run code with the rights of the user opening it with Outlook, or on an Exchange server.
Impacted software: Exchange, Office, Outlook.
Severity of this computer vulnerability: 4/4.
Creation date: 11/01/2006.
References of this bulletin: BID-16197, CERTA-2006-AVI-018, CVE-2006-0002, MS06-003, VIGILANCE-VUL-5506, VU#252146.

Description of the vulnerability 

The TNEF format ("Transport Neutral Encapsulation Format") can be used by Outlook messaging in order to transmit non-standard objects (buttons, etc.) to a recipient. An email in TNEF format contains the text version of the message, and a binary attachment containing the associated objects.

Microsoft announced that a TNEF message can lead to code execution in Outlook and on Exchange.

This weakness note impacts software or systems such as Exchange, Office, Outlook.

Our Vigil@nce team determined that the severity of this threat note is critical.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

Outlook, Exchange: patch for TNEF.
A patch is available:
Microsoft Office 2000 Service Pack 3
  Microsoft Outlook 2000
  Microsoft Office 2000 MultiLanguage Packs
  Microsoft Outlook 2000 English MultiLanguage Packs
Microsoft Office XP Service Pack 3
  Microsoft Outlook 2002
  Microsoft Office XP Multilingual User Interface Packs
Microsoft Office 2003 Service Pack 1 and Service Pack 2
  Microsoft Outlook 2003
  Microsoft Office 2003 Multilingual User Interface Packs
  Microsoft Office 2003 Language Interface Packs
Microsoft Exchange Server
  Microsoft Exchange Server 5.0 Service Pack 2
  Microsoft Exchange Server 5.5 Service Pack 4
  Microsoft Exchange 2000 SP3 + Update Rollup August 2004
A workaround for Exchange is to block Winmail.dat attachments and the ms-tnef MIME type. The Microsoft bulletin details this procedure.
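The workaround above can be checked at a mail gateway or in a quarantine review. The following is an added example, not taken from the Microsoft bulletin or from Vigil@nce: it flags MIME parts that match the Winmail.dat filename or an ms-tnef content type, and goes one step further by also checking the TNEF signature so that a relabelled attachment is still caught. The function names, the sample messages and the inclusion of the application/vnd.ms-tnef type are assumptions made for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
TNEF_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}

def find_tnef_parts(raw_message: bytes):
    """Return (reason, content_type, filename) for each part a gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()
        fname = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        if ctype in TNEF_TYPES:
            reason = "mime-type"
        elif fname.lower() == "winmail.dat":
            reason = "filename"
        elif payload.startswith(TNEF_MAGIC):
            reason = "magic"  # relabelled attachment that is still TNEF
        else:
            continue
        hits.append((reason, ctype, fname))
    return hits

def build_sample(ctype: str, filename: str, body: bytes) -> bytes:
    """Constructed test message (not real traffic) with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text version of the message")
    maintype, subtype = ctype.split("/", 1)
    msg.add_attachment(body, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    stub = TNEF_MAGIC + b"\x00" * 8  # constructed header bytes, not a valid TNEF stream
    for ctype, name, body in [
        ("application/ms-tnef", "winmail.dat", stub),
        ("application/octet-stream", "notes.bin", stub),
        ("application/pdf", "report.pdf", b"%PDF-1.4"),
    ]:
        print(name, find_tnef_parts(build_sample(ctype, name, body)))
```

A gateway would reject or strip any message for which the returned list is non-empty; this check complements the patch and does not replace it.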
