Microsoft Outlook Express NNTP LIST Command Remote Overflow

2005-06-14T18:02:43
ID OSVDB:17306
Type osvdb
Reporter OSVDB
Modified 2005-06-14T18:02:43

Description

Vulnerability Description

A remote overflow exists in Windows. Outlook Express fails to validate results returned by an NNTP server to a LIST command before passing it to MSOE.DLL, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution as the user resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability on most affected platforms. Microsoft has not released a patch for Windows 98, 98SE, or ME.

Short Description

A remote overflow exists in Windows. Outlook Express fails to validate results returned by an NNTP server to a LIST command before passing it to MSOE.DLL, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution as the user resulting in a loss of integrity.

References:

Security Tracker: 1014200 Secunia Advisory ID:15695 Other Advisory URL: http://www.idefense.com/application/poi/display?id=263&type=vulnerabilities Microsoft Security Bulletin: MS05-030 Microsoft Knowledge Base Article: 897715 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0173.html Generic Exploit URL: http://www.securiteam.com/exploits/5LP0Q20G0Y.html CVE-2005-1213