ID CVE-2005-1213
Summary Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
References
Vulnerable Configurations
  • Microsoft outlook_express 5.5 sp2
    cpe:2.3:a:microsoft:outlook_express:5.5:sp2
  • Microsoft outlook_express 6.0
    cpe:2.3:a:microsoft:outlook_express:6.0
  • cpe:2.3:a:microsoft:outlook_express:6.0:sp1
    cpe:2.3:a:microsoft:outlook_express:6.0:sp1
CVSS
Base: 7.5 (as of 16-06-2005 - 15:01)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description MS Outlook Express NNTP Buffer Overflow Exploit (MS05-030). CVE-2005-1213. Remote exploit for windows platform
    id EDB-ID:1066
    last seen 2016-01-31
    modified 2005-06-24
    published 2005-06-24
    reporter eyas
    source https://www.exploit-db.com/download/1066/
    title Microsoft Outlook Express NNTP Buffer Overflow Exploit MS05-030
  • description Microsoft Outlook Express NNTP Response Parsing Buffer Overflow. CVE-2005-1213. Remote exploit for windows platform
    id EDB-ID:16379
    last seen 2016-02-01
    modified 2010-05-09
    published 2010-05-09
    reporter metasploit
    source https://www.exploit-db.com/download/16379/
    title Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in the news reader of Microsoft Outlook Express.
id MSF:EXPLOIT/WINDOWS/NNTP/MS05_030_NNTP
last seen 2019-03-16
modified 2017-07-24
published 2006-12-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/nntp/ms05_030_nntp.rb
title MS05-030 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-030.NASL
description The remote host is running a version of Microsoft Outlook Express that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a user to connect to a rogue NNTP (news) server sending malformed replies to several queries.
last seen 2019-02-21
modified 2018-11-15
plugin id 18489
published 2005-06-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=18489
title MS05-030: Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)
oval via4
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:1088
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 5.5,SP2 News Reading Vulnerability
    version 63
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:167
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 6,2003 News Reading Vulnerability
    version 63
  • accepted 2015-08-10T04:01:12.929-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Outlook Express 6 SP1 is installed.
    oval oval:org.mitre.oval:def:488
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:989
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 6,SP1 News Reading Vulnerability
    version 65
packetstorm via4
data source https://packetstormsecurity.com/files/download/83025/ms05_030_nntp.rb.txt
id PACKETSTORM:83025
last seen 2016-12-05
published 2009-11-26
reporter MC
source https://packetstormsecurity.com/files/83025/Microsoft-Outlook-Express-NNTP-Response-Parsing-Buffer-Overflow.html
title Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
refmap via4
bid 13951
cert-vn VU#130614
idefense 20050614 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
ms MS05-030
sectrack 1014200
saint via4
bid 13951
description Outlook Express NNTP LIST buffer overflow
id mail_client_msoenntp
osvdb 17306
title outlook_express_nntp
type client
Last major update 10-09-2008 - 15:38
Published 14-06-2005 - 00:00
Last modified 12-10-2018 - 17:36
Back to Top