
SANS ISC: MS06-076: Windows Address Book Contact Record flaw (CVE-2006-2386) - Internet Security | DShield SANS ISC InfoSec Forums


MS06-076: Windows Address Book Contact Record flaw (CVE-2006-2386)

References: KB923694
Severity: Highly Important to Workstations, lesser for servers

This update is a cumulative update for Outlook Express versions 5.5 and 6. It addresses a remote code execution problem involving Windows Address Book (.wab) files. The vulnerability exists in a component of Outlook Express and could allow an attacker who sends a specially crafted address book file to an unpatched system to take control of that system. The vulnerability does not provide any privilege escalation capability: an attacker who successfully exploits it gains the same access rights as the logged-in user. So please remember to configure end-user accounts with as few privileges as possible.

I would recommend that this update or the registry change workaround be applied to any client workstations as soon as possible.

This update replaces MS06-016 and MS06-043 as it is a cumulative update.
ScottF

ISC Handler
