ID CVE-2005-1213
Summary Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:1088
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 5.5,SP2 News Reading Vulnerability
    version 64
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:167
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 6,2003 News Reading Vulnerability
    version 64
  • accepted 2015-08-10T04:01:12.929-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Outlook Express 6 SP1 is installed.
    oval oval:org.mitre.oval:def:488
    description Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
    family windows
    id oval:org.mitre.oval:def:989
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Microsoft Outlook Express 6,SP1 News Reading Vulnerability
    version 66
refmap via4
bid 13951
cert-vn VU#130614
idefense 20050614 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
sectrack 1014200
saint via4
bid 13951
description Outlook Express NNTP LIST buffer overflow
id mail_client_msoenntp
osvdb 17306
title outlook_express_nntp
type client
Last major update 12-10-2018 - 21:36
Published 14-06-2005 - 04:00
Last modified 12-10-2018 - 21:36
Back to Top