Release DateDec 24, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a Remote Code Execution vulnerability that affects Microsoft Exchange Server.A remote attacker can exploit the vulnerability by sending an email with a meeting request containing specially crafted vCal and iCal calendar data. As a result, the attacker may be able to take complete control of a vulnerable system. |
Affected ProductsMicrosoft Exchange Server 2003 SP 1Microsoft Exchange Server 2003 SP 2 Microsoft Exchange Server 2000 with the Exchange 2000 Post-SP 3 Update Rollup of August 2004(870540) |
Recommended ActionsApply the patch, available from the vendor's web site:http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-0027 |
Reference/shttp://www.securityfocus.com/bid/17908 (BugTraq)http://technet.microsoft.com/en-us/security/bulletin/ms06-019.mspx (MS-ID) |
