Outlook Express NNTP LIST buffer overflow

Added: 05/04/2006
CVE: CVE-2005-1213
BID: 13951
OSVDB: 17306

Background

Outlook Express is a free e-mail client which is included in Windows operating systems.

Problem

A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-030.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=263

Limitations

Exploit works on Outlook Express 5.5 and 6.0. Successful exploitation requires a user to open the exploit in Outlook Express using a URL such as news://IP_Address.

Platforms

Windows 2000
Windows XP

Back to exploit index