Lucene search

K
saintSAINT CorporationSAINT:3E2944089B2233537FB05BC93AE54E50
HistoryMay 04, 2006 - 12:00 a.m.

Outlook Express NNTP LIST buffer overflow

2006-05-0400:00:00
SAINT Corporation
www.saintcorporation.com
16

EPSS

0.974

Percentile

99.9%

Added: 05/04/2006
CVE: CVE-2005-1213
BID: 13951
OSVDB: 17306

Background

Outlook Express is a free e-mail client which is included in Windows operating systems.

Problem

A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-030.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=263&gt;

Limitations

Exploit works on Outlook Express 5.5 and 6.0. Successful exploitation requires a user to open the exploit in Outlook Express using a URL such as **news://IP_Address**.

Platforms

Windows 2000
Windows XP