CVE-2006-0027
CVSS7.5
发布时间 :2006-05-09 22:10:00
修订时间 :2011-04-15 00:00:00
NMCOPS    

[原文]Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.


[CNNVD]Microsoft Exchange Server e-mail消息 未明漏洞(CNNVD-200605-179)

        Microsoft Exchange是一款由微软开发的邮件服务程序。
        Exchange Server所提供的EXCDO和CDOEX功能没有正确地处理邮件消息中的某些iCAL和vCAL属性,远程攻击者可以向Exchange Server发送包含有特制vCAL或iCAL属性的邮件消息导致代码执行。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:exchange_server:2000:sp3Microsoft Exchange Server 2000 Service Pack 3
cpe:/a:microsoft:exchange_server:2003:sp2Microsoft Exchange Server 2003 Service Pack 2
cpe:/a:microsoft:exchange_server:2003:sp1Microsoft Exchange Server 2003 Service Pack 1

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:2035Exchange 2003,SP1 Calendar Vulnerability
oval:org.mitre.oval:def:1996Exchange 2003,SP2 Calendar Vulnerability
oval:org.mitre.oval:def:1818Exchange 2000,SP4 Calendar Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0027
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0027
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-179
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA06-129A.html
(PATCH)  CERT  TA06-129A
http://www.kb.cert.org/vuls/id/303452
(PATCH)  CERT-VN  VU#303452
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx
(PATCH)  MS  MS06-019
http://xforce.iss.net/xforce/xfdb/25556
(UNKNOWN)  XF  exchange-calendar-code-execution(25556)
http://www.vupen.com/english/advisories/2006/1743
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1743
http://www.securityfocus.com/bid/17908
(UNKNOWN)  BID  17908
http://www.osvdb.org/25338
(UNKNOWN)  OSVDB  25338
http://securitytracker.com/id?1016048
(UNKNOWN)  SECTRACK  1016048
http://secunia.com/advisories/20029
(VENDOR_ADVISORY)  SECUNIA  20029

- 漏洞信息

Microsoft Exchange Server e-mail消息 未明漏洞
高危 资料不足
2006-05-09 00:00:00 2006-05-11 00:00:00
远程  
        Microsoft Exchange是一款由微软开发的邮件服务程序。
        Exchange Server所提供的EXCDO和CDOEX功能没有正确地处理邮件消息中的某些iCAL和vCAL属性,远程攻击者可以向Exchange Server发送包含有特制vCAL或iCAL属性的邮件消息导致代码执行。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx?pf=true

- 漏洞信息 (F46386)

Technical Cyber Security Alert 2006-129A (PacketStormID:F46386)
2006-05-21 00:00:00
US-CERT  cert.org
advisory,remote,denial of service,arbitrary,vulnerability
windows
CVE-2006-0027,CVE-2006-0024,CVE-2005-2628
[点击下载]

Technical Cyber Security Alert TA06-129A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



                        National Cyber Alert System

                Technical Cyber Security Alert TA06-129A


Microsoft Windows and Exchange Server Vulnerabilities

   Original release date: May 9, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Exchange Server

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for May 2006.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Microsoft Windows and Exchange Server. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial of service on a vulnerable
   system.


I. Description

   Microsoft Security Bulletin Summary for May 2006 addresses
   vulnerabilities in Microsoft Windows and Exchange Server. Further
   information is available in the following US-CERT Vulnerability Notes:


   VU#303452 - Microsoft Exchange fails to properly handle vCal and iCal
   properties 

   Microsoft Exchange Server does not properly handle the vCal and iCal
   properties of email messages. Exploitation of this vulnerability may
   allow a remote, unauthenticated attacker to execute arbitrary code on
   an Exchange Server.
   (CVE-2006-0027)


   VU#945060 - Adobe Flash products contain multiple vulnerabilities 

   Several vulnerabilities in Adobe Macromedia Flash products may allow a
   remote attacker to execute code on a vulnerable system.
   (CVE-2006-0024)


   VU#146284 - Macromedia Flash Player fails to properly validate the
   frame type identifier read from a "SWF" file 

   A buffer overflow vulnerability in some versions of the Macromedia
   Flash Player may allow a remote attacker to execute code on a
   vulnerable system.
   (CVE-2005-2628)


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on a
   vulnerable system. An attacker may also be able to cause a denial of
   service.


III. Solution

Apply Updates

   Microsoft has provided updates for these vulnerabilities in the
   Security Bulletins. Microsoft Windows updates are available on the
   Microsoft Update site.

Workarounds

   Please see the US-CERT Vulnerability Notes for workarounds.


Appendix A. References

     * Microsoft Security Bulletin Summary for May 2006 -
       <http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx>

     * Technical Cyber Security Alert TA06-075A -
       <http://www.us-cert.gov/cas/techalerts/TA06-075A.html>

     * US-CERT Vulnerability Note VU#303452 -
       <http://www.kb.cert.org/vuls/id/303452>

     * US-CERT Vulnerability Note VU#945060 -
       <http://www.kb.cert.org/vuls/id/945060>

     * US-CERT Vulnerability Note VU#146284 -
       <http://www.kb.cert.org/vuls/id/146284>

     * CVE-2006-0027 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0027>

     * CVE-2006-0024 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024>

     * CVE-2005-2628 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628>

     * Microsoft Update - <https://update.microsoft.com/microsoftupdate>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-129A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA06-129A Feedback VU#303452" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   May 9, 2006: Initial release


    
    

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRGDvB30pj593lg50AQJkAQf9FqFX8S29GmV1pKfRCfkEY9ooi/ygyeyu
l+z2OpoJsu4BHhYbXahssZLutNh0UtpC2Qv17sgHP2xg2sIokqgqkdMH1WQn4kAw
x6RWPlI7hraIg/tY1lSZayZris4XMuDzNiqfpa/gN7oOSOtnIZ6Ky5+h5nIk+xxk
Q50BdlEHmw5e62LyW7qnBAoHuHzEQq/xS52DtTat+aigRYePq3SX2f8S4BpZyKzq
kQKN7kn2keseziuKCMEMNIH0bUunUr6M2kRsBPIBUrAi03Fmgx2Qfy7yMHRV/0Gg
A2jjB48O4m+fuHHQSVSP2gCtSbe9ChiWJ8Db1nY1pnsQ42fZvqQekg==
=nxe/
-----END PGP SIGNATURE-----
    

- 漏洞信息

25338
Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity Patch / RCS
Exploit Public Vendor Verified

- 漏洞描述

Microsoft Exchange contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an error within the EXCDO (Exchange Collaboration Data Objects) and CDOEX (Collaboration Data Objects for Exchange) functionality when processing iCal and vCal properties in email messages. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

- 时间线

2006-05-09 Unknow
Unknow 2006-05-11

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft Exchange Server Calendar Remote Code Execution Vulnerability
Unknown 17908
Yes No
2006-05-09 12:00:00 2007-11-15 12:38:00
The discoverer of this issue is not known.

- 受影响的程序版本

Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server

- 漏洞讨论

Microsoft Exchange Server is prone to a vulnerability that may let attackers execute code remotely. This issue is exposed when the server handles emails that contain malicious calendar data that is included in meeting requests.

If the issue is successfully exploited, this could completely compromise the computer hosting the mail server.

- 漏洞利用

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- 解决方案

Microsoft has released a security bulletin to address supported versions of Microsoft Exchange Server.


Microsoft Exchange Server 2003 SP1

Microsoft Exchange Server 2003 SP2

Microsoft Exchange Server 2000

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站