Outlook TNEF flaw could be much worse than WMF flaw

by Justin Mann on Fri 13 Jan 2006, 11:11 AM

Despite just having dealt with a very serious WMF flaw that ended up with
users creating their own patches, it seems that IT Staffing won't get much
of a reprieve. Critical flaws discovered in Outlook 2003, Outlook 2000,
Exchange Server 2000, Exchange Server 5.5 and Exchange Server 5.0 could
lead to a huge amount of compromised machines. The exploit lies in the way
these programs handle TNEF Mime content. A particularly crafted e-mail is
all it takes, and all an Outlook client has to do is open or preview the
message. On the server side, when Exchange's “Information Store†processes
the message, it can be compromised.

"An attacker may leverage these issues to carry out a denial-of-service
attack or execute arbitrary code on an affected computer with the
privileges of the user viewing a malicious image," Symantec said. "An
attacker may gain system privileges if an administrator views the malicious
file. Local code execution may also facilitate a complete compromise."
This could end up being a much worse case than the WMF flaw, which resulted
in a lot of headaches and many infected machines. Apparently, this has been
known about for close to 3 months.

http://www.techspot.com/news/20110-outlook-tnef-flaw-could-be-much-worse-than-wmf-flaw.html