Lucene search

K
saintSAINT CorporationSAINT:6311EAB3D01069EAF2AF41C16CC0F041
HistoryMay 04, 2006 - 12:00 a.m.

Outlook Express NNTP LIST buffer overflow

2006-05-0400:00:00
SAINT Corporation
my.saintcorporation.com
31

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.974

Percentile

99.9%

Added: 05/04/2006
CVE: CVE-2005-1213
BID: 13951
OSVDB: 17306

Background

Outlook Express is a free e-mail client which is included in Windows operating systems.

Problem

A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-030.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=263&gt;

Limitations

Exploit works on Outlook Express 5.5 and 6.0. Successful exploitation requires a user to open the exploit in Outlook Express using a URL such as **news://IP_Address**.

Platforms

Windows 2000
Windows XP

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.974

Percentile

99.9%