Added: 05/04/2006
CVE: CVE-2005-1213
BID: 13951
OSVDB: 17306
Outlook Express is a free e-mail client which is included in Windows operating systems.
A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands.
Apply the patch referenced in Microsoft Security Bulletin 05-030.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=263>
Exploit works on Outlook Express 5.5 and 6.0. Successful exploitation requires a user to open the exploit in Outlook Express using a URL such as **news://IP_Address**
.
Windows 2000
Windows XP