Outlook Express NNTP LIST Command Remote Overflow

medium Nessus Network Monitor Plugin ID 3013

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Outlook Express. Versions of msoe.dll prior to 6.00.2800.1506 are vulnerable to a buffer overflow when parsing malformed NNTP responses. To exploit this flaw, an attacker would need to host a malicious NNTP server and convince a local Outlook user to connect to it. Successful exploitation would result in arbitrary code execution on the machine running Outlook Express.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.microsoft.com/technet/security/bulletin/MS05-030.mspx

Plugin Details

Severity: Medium

ID: 3013

Family: SMTP Clients

Published: 6/15/2005

Updated: 3/6/2019

Nessus ID: 18489

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.6

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Exploitable With

Core Impact

Metasploit (Microsoft Outlook Express NNTP Response Parsing Buffer Overflow)

Reference Information

CVE: CVE-2005-1213

BID: 13951