CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.9%
Added: 05/04/2006
CVE: CVE-2005-1213
BID: 13951
OSVDB: 17306
Outlook Express is a free e-mail client which is included in Windows operating systems.
A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands.
Apply the patch referenced in Microsoft Security Bulletin 05-030.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=263>
Exploit works on Outlook Express 5.5 and 6.0. Successful exploitation requires a user to open the exploit in Outlook Express using a URL such as **news://IP_Address**
.
Windows 2000
Windows XP