Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability

Nessus Network Monitor Plugin ID 1291 (Severity: High)


The remote host is vulnerable to a buffer overflow.


The remote host is running a version of Outlook Express that contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the current user is possible.


Microsoft has supplied a patch for Outlook Express 5.5 and 6.0 that may be downloaded from their webpage.

Plugin Details

Severity: High

ID: 1291

File Name: 1291.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1332

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 8.1

Temporal Score: 7.5


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-2002-1179

BID: 5944

OSVDB: 11422