The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Outlook, Exchange: code execution with TNEF

Summary of the vulnerability

An attacker can send an email in TNEF format in order to run code with the rights of the user who opens it in Outlook, or on an Exchange server.
Impacted software: Exchange, Office, Outlook.
Severity of this computer vulnerability: 4/4.
Creation date: 11/01/2006.
References for this announcement: BID-16197, CERTA-2006-AVI-018, CVE-2006-0002, MS06-003, VIGILANCE-VUL-5506, VU#252146.

Description of the vulnerability 

The TNEF format ("Transport Neutral Encapsulation Format") can be used by Outlook messaging to transmit non-standard objects (buttons, etc.) to a recipient. An email in TNEF format contains the text version of the message and a binary attachment containing the associated objects.

Microsoft announced that a TNEF message can lead to code execution in Outlook and on Exchange.

This weakness note impacts software or systems such as Exchange, Office, Outlook.

Our Vigil@nce team determined that the severity of this threat note is critical.

The trust level is "confirmed by the editor", and the origin is a document.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

Outlook, Exchange: patch for TNEF.
A patch is available:
Microsoft Office 2000 Service Pack 3
  Microsoft Outlook 2000
    http://www.microsoft.com/downloads/details.aspx?FamilyId=64D0336D-F962-4AB1-A724-9F6BA2108CB9
  Microsoft Office 2000 MultiLanguage Packs
    http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D
  Microsoft Outlook 2000 English MultiLanguage Packs
    http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D
Microsoft Office XP Service Pack 3
  Microsoft Outlook 2002
    http://www.microsoft.com/downloads/details.aspx?FamilyId=9A85CEBB-0D9A-465D-A4BC-AF501562772D
  Microsoft Office XP Multilingual User Interface Packs
    http://www.microsoft.com/downloads/details.aspx?FamilyId=CCA9399A-6DA3-4163-8398-C58DC328182B
Microsoft Office 2003 Service Pack 1 and Service Pack 2
  Microsoft Outlook 2003
    http://www.microsoft.com/downloads/details.aspx?FamilyId=1D156043-B041-4305-8442-3C4E3B832788
  Microsoft Office 2003 Multilingual User Interface Packs
    http://www.microsoft.com/downloads/details.aspx?FamilyId=D69554AD-196F-4789-91E5-B2A753EED854
  Microsoft Office 2003 Language Interface Packs
    http://www.microsoft.com/downloads/details.aspx?FamilyID=db080de8-8193-4c32-9019-9980ecd6874a
Microsoft Exchange Server
  Microsoft Exchange Server 5.0 Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?FamilyId=0A8DF1C3-ABF9-4A21-9B49-81FA362B251F
  Microsoft Exchange Server 5.5 Service Pack 4
    http://www.microsoft.com/downloads/details.aspx?FamilyId=EC6BD30E-12DE-4CA1-9432-D2E73AF62427
  Microsoft Exchange 2000 SP3 + Update Rollup August 2004
    http://www.microsoft.com/downloads/details.aspx?FamilyId=372FF07F-C3CA-4301-8559-9B90344EDC02
A workaround for Exchange is to block Winmail.dat attachments and the ms-tnef MIME type. The Microsoft announcement details this procedure.
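One way to find the message parts this workaround targets, for a gateway filter or a mailbox sweep, is sketched below as an added example (it is not code from the advisory or from Microsoft's bulletin). The function names are hypothetical, and the `application/vnd.ms-tnef` alias and the TNEF signature check are assumptions that go beyond the two criteria the workaround names, added to catch relabelled parts.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumptions beyond the advisory: the vnd. alias and the stream signature check.
TNEF_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}
TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian

def find_tnef_parts(raw):
    """Return (content_type, filename, reasons) for each leaf part that looks like TNEF."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()            # already lower-cased
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        reasons = []
        if ctype in TNEF_TYPES:
            reasons.append("mime-type")
        if fname.lower() == "winmail.dat":
            reasons.append("filename")
        if payload.startswith(TNEF_MAGIC):
            reasons.append("signature")
        if reasons:
            hits.append((ctype, fname, reasons))
    return hits

def build_sample(ctype, fname, body):
    """Constructed test message; body is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("plain text version of the message")
    maintype, subtype = ctype.split("/")
    m.add_attachment(body, maintype=maintype, subtype=subtype, filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    stub = TNEF_MAGIC + b"\x00" * 8  # signature plus padding, not a real TNEF stream
    for args in [("application/ms-tnef", "winmail.dat", stub),
                 ("application/octet-stream", "notes.bin", stub),
                 ("application/pdf", "report.pdf", b"%PDF-1.4 constructed")]:
        print(args[:2], "->", find_tnef_parts(build_sample(*args)))
```

A message with any hit would be quarantined or have the part stripped; the second sample shows why matching on filename and MIME type alone misses a renamed attachment.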