Remote Code Execution Vulnerability in Microsoft Outlook Express
CVE-2006-2386

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 13 December 2006

What is CVE-2006-2386?

A vulnerability in multiple versions of Microsoft Outlook Express enables remote attackers to execute arbitrary code on a victim's system. This is achieved through the exploitation of a specially crafted contact record in a Windows Address Book (WAB) file. When this malicious record is opened by an unsuspecting user, it can lead to unauthorized actions being performed, compromising the security of the system.

References

http://secunia.com/advisories/23311

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/21501

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

56% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2006
Vulnerability Reserved
May 15, 2006