MS06-076: Windows Address Book Contact Record flaw (CVE-2006-2386)
Severity: Highly Important to Workstations, lesser for servers
This update is a cumulative update for Outlook Express versions 5.5 and 6. It addresses a remote code execution problem involving Windows Address Book (.wab) files. The vulnerability exists in a component of Outlook Express and could allow an attacker who sends a specially crafted address book file to an unpatched system to take control of that system. The vulnerability does not provide any privilege escalation capabilities: an attacker who successfully exploits it gains the same access rights as the logged-in user. So please remember to configure end-user accounts with as few privileges as possible.
I would recommend that this update or the registry change workaround be applied to any client workstations as soon as possible.
This update replaces MS06-016 and MS06-043 as it is a cumulative update.
Dec 12th 2006