Tnef Program Vulnerability

HIGH (10.0) No Patch (9296 days)

Threat Intelligence

Low Risk
EPSS Score: 0.96% chance of exploitation (percentile: 76%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Tnef program is a component of Microsoft Outlook that allows sending compressed attachments. However, it also poses a security risk if not properly configured. An attacker can exploit this vulnerability to overwrite arbitrary files on a Linux system by sending a maliciously encoded attachment.

Am I affected?

This vulnerability affects Linux systems with the Tnef program installed. The exact product is Microsoft Outlook. Version info: Not specified in the advisory. Check for the presence of tnef.exe and tnef.dll using either of these commands:

    find / -name "tnef*.exe" 2>/dev/null
    find / -name "tnef*.dll" 2>/dev/null

Affected Products

Microsoft / Outlook

How to fix

To fix this vulnerability, you can:

  1. Disable Tnef support in Microsoft Outlook.
  2. Remove the tnef program from your system: This may require manual removal of files and registry entries.

Immediate mitigations:

  • Do not open attachments from unknown sources.
  • Use antivirus software to scan attachments for malware.