Microsoft Outlook Express and Windows Mail Integer Overflow Vulnerability
Date Discovered:
05/12/2010
Severity:
High
Operating Systems Affected:
Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista SP1 and Windows Vista SP2
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems SP2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Application Affected:
Microsoft Outlook Express 6
Windows Live Mail
Windows Mail
Identifiers:
CVE-2010-0816
Synopsis
A remote code execution vulnerability exists in the Microsoft Windows Mail
client. A remote attacker can exploit this issue by sending a specially
crafted mail response.
Windows Mail (formerly Outlook Express) is an online communication tool for use with Windows.
A vulnerability was recently found in it that allows an attacker to gain
the same user rights as the logged-on user. If a user is logged on with
administrative user rights, an attacker could take complete control of
the affected system.
The vulnerability is caused when a common library used by Outlook
Express and Windows Mail insufficiently validates network data before
using that data to calculate the necessary size of a buffer.
An attacker could exploit this vulnerability by setting up a malicious
e-mail server and convincing the client to connect to this machine. He
would then respond with a crafted POP3 or IMAP response, causing the
client to trigger the vulnerability. Alternatively, a man-in-the-middle
could edit specific server responses and cause this vulnerability to be
triggered.
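The cause described above, as an added illustration in C (not code from this advisory or from the affected library): a buffer size computed from a server-supplied number wraps in 32-bit arithmetic unless the number is bounded first. The `+OK <count> <octets>` response line, `struct msg_entry`, `MAX_MESSAGES` and all function names are assumptions; the advisory does not say which response field is involved.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-message record; three 32-bit fields = 12 bytes. */
struct msg_entry { uint32_t id; uint32_t octets; uint32_t flags; };

#define MAX_MESSAGES 1000000u /* assumed protocol-level sanity cap */

/* Read the server-supplied count from "+OK <count> <octets>". 0 on success. */
int parse_count(const char *line, uint32_t *out) {
    char *end;
    if (strncmp(line, "+OK ", 4) != 0) return -1;
    if (line[4] < '0' || line[4] > '9') return -1; /* no sign or padding */
    errno = 0;
    unsigned long long v = strtoull(line + 4, &end, 10);
    if (errno != 0 || v > UINT32_MAX) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Weak form: the 32-bit product wraps, so a huge count gives a tiny size. */
uint32_t size_unchecked(uint32_t count) {
    return count * (uint32_t)sizeof(struct msg_entry);
}

/* Hardened form: bound the count, then prove the product fits before use. */
int size_checked(uint32_t count, uint32_t *size) {
    if (count == 0 || count > MAX_MESSAGES) return -1;
    if (count > UINT32_MAX / sizeof(struct msg_entry)) return -1;
    *size = count * (uint32_t)sizeof(struct msg_entry);
    return 0;
}

int main(void) {
    /* Constructed sample responses, not captured traffic. */
    const char *lines[] = { "+OK 2 320", "+OK 357913942 0" };
    for (size_t i = 0; i < 2; i++) {
        uint32_t count, size;
        if (parse_count(lines[i], &count) != 0) continue;
        printf("count=%u unchecked=%u checked=%s\n", (unsigned)count,
               (unsigned)size_unchecked(count),
               size_checked(count, &size) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The second sample count makes the unchecked product wrap to 8 bytes, while the checked form rejects it before any allocation takes place.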