Outlook Express NNTP LIST Command Remote Overflow

Medium Nessus Network Monitor Plugin ID 3013


The remote host is vulnerable to a buffer overflow.


The remote host is running Outlook Express. This version of Outlook Express is vulnerable to a buffer overflow when malformed NNTP responses are parsed by versions of msoe.dll prior to 6.00.2800.1506. An attacker exploiting this flaw would need to host a malicious NNTP server and be able to convince a local Outlook user to connect to the NNTP server. Successful exploitation would result in arbitrary code being executed on the machine running Outlook Express.


Upgrade or patch according to vendor recommendations.

See Also


Plugin Details

Severity: Medium

ID: 3013

Family: SMTP Clients

Published: 2005/06/15

Modified: 2018/09/16

Dependencies: 1332

Nessus ID: 18489

Risk Information

Risk Factor: Medium


Base Score: 4.4

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 4.8

Temporal Score: 4.4


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Exploitable With

Core Impact

Metasploit (Microsoft Outlook Express NNTP Response Parsing Buffer Overflow)

Reference Information

CVE: CVE-2005-1213

BID: 13951