Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability

High Nessus Network Monitor Plugin ID 1291

Synopsis

The remote host is vulnerable to a buffer overflow

Description

The remote host is running a version of Outlook Express that contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the current user is possible.

Solution

Microsoft has supplied a patch for 5.5 and 6.0 that may be downloaded from their webpage.

Plugin Details

Severity: High

ID: 1291

File Name: 1291.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1332

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-2002-1179

BID: 5944

OSVDB: 11422