Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 1997-11-01 |
Product | Outlook Express | Last view | 2010-08-27 |
Version | 6.00.2800.1106 | Type | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.3 | 2010-08-27 | CVE-2010-3147 | Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143. |
9.3 | 2010-05-12 | CVE-2010-0816 | Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." |
4.3 | 2008-12-11 | CVE-2008-5424 | The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. |
7.1 | 2008-08-12 | CVE-2008-1448 | The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." |
9.3 | 2007-10-09 | CVE-2007-3897 | Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. |
4.3 | 2007-07-27 | CVE-2007-4040 | Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. |
4.3 | 2007-06-12 | CVE-2007-2227 | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." |
4.3 | 2007-06-12 | CVE-2007-2225 | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." |
6.8 | 2006-12-12 | CVE-2006-2386 | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. |
4.3 | 2006-05-01 | CVE-2006-2111 | A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." |
5.1 | 2006-04-11 | CVE-2006-0014 | Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. |
5 | 2005-07-12 | CVE-2005-2226 | Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. |
7.5 | 2005-06-14 | CVE-2005-1213 | Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. |
5.8 | 2004-12-31 | CVE-2004-2694 | Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". |
5 | 2004-12-31 | CVE-2004-2137 | Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. |
5 | 2004-08-06 | CVE-2004-0526 | Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
5 | 2004-08-06 | CVE-2004-0215 | Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. |
10 | 2004-05-04 | CVE-2004-0380 | The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." |
8.8 | 2003-12-31 | CVE-2003-1378 | Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. |
5 | 2003-06-16 | CVE-2003-0301 | The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
5 | 2003-06-16 | CVE-2003-0300 | The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
3.8 | 2002-12-31 | CVE-2002-2202 | Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. |
5 | 2002-12-31 | CVE-2002-2164 | Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long link. |
7.5 | 2002-10-28 | CVE-2002-1179 | Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. |
7.5 | 2002-05-31 | CVE-2002-0285 | Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
37% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
12% (1) | CWE-399 | Resource Management Errors |
12% (1) | CWE-200 | Information Exposure |
12% (1) | CWE-189 | Numeric Errors |
12% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-58 | Restful Privilege Elevation |
CAPEC-209 | Cross-Site Scripting Using MIME Type Mismatch |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:3376 | Microsoft Outlook Express v6.0 (WinXP) Malformed Email Header Denial of Service |
oval:org.mitre.oval:def:2657 | Outlook Express v6.0 for Server 2003 Malformed Email Header Denial of Service |
oval:org.mitre.oval:def:2137 | Outlook Express v5.5,SP2 Malformed Email Header Denial of Service |
oval:org.mitre.oval:def:1950 | Microsoft Outlook Express v6,SP1 Malformed Email Header Denial of Service |
oval:org.mitre.oval:def:990 | Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability |
oval:org.mitre.oval:def:882 | Microsoft Outlook Express v5.5,SP2 MHTML URL Processing Vulnerability |
oval:org.mitre.oval:def:1028 | Microsoft Outlook Express v6.0 for Server 2003 MHTML URL Processing Vulnerabi... |
oval:org.mitre.oval:def:1010 | Microsoft Outlook Express v6.0,SP1 MHTML URL Processing Vulnerability |
oval:org.mitre.oval:def:989 | Microsoft Outlook Express 6,SP1 News Reading Vulnerability |
oval:org.mitre.oval:def:167 | Microsoft Outlook Express 6,2003 News Reading Vulnerability |
oval:org.mitre.oval:def:1088 | Microsoft Outlook Express 5.5,SP2 News Reading Vulnerability |
oval:org.mitre.oval:def:812 | Microsoft Outlook Express 6 (S03-Gold) WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1791 | Microsoft Outlook Express 6 (S03,SP1) WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1780 | Microsoft Outlook Express 5.5 WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1771 | Microsoft Outlook Express 6 (S03-Gold, Itanium) WAB Remote Code Execution Vul... |
oval:org.mitre.oval:def:1769 | Microsoft Outlook Express 6 (64-bit XP) WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1682 | Microsoft Outlook Express 6,SP1 WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1611 | Microsoft Outlook Express 6 (XP,SP2) WAB Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1605 | URL Redirect Cross Domain Information Disclosure Vulnerability |
oval:org.mitre.oval:def:1055 | Windows Address Book Contact Record Vulnerability |
oval:org.mitre.oval:def:2045 | URL Parsing Cross Domain Information Disclosure Vulnerability |
oval:org.mitre.oval:def:2085 | Content Disposition Parsing Cross Domain Information Disclosure Vulnerability |
oval:org.mitre.oval:def:1706 | Network News Transfer Protocol Memory Corruption Vulnerability |
oval:org.mitre.oval:def:5886 | URL Parsing Cross-Domain Information Disclosure Vulnerability |
oval:org.mitre.oval:def:6734 | Outlook Express and Windows Mail Integer Overflow Vulnerability |
SAINT Exploits
Description | Link |
---|---|
Outlook Express NNTP LIST buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
67553 | Microsoft Windows Contacts Path Subversion Arbitrary DLL Injection Code Execu... |
64530 | Microsoft Outlook Express / Windows Mail STAT Response Overflow |
60397 | Microsoft Outlook HTML Email CODEBASE Parameter Arbitrary Program Execution |
59502 | Microsoft IE / Outlook Express Crafted XML Stylesheet (XSL) Arbitrary Script ... |
59500 | Microsoft IE HTML Parser (MSHTML.DLL) Browser Window Object Handling DoS |
57638 | Microsoft Outlook Express IMAP Client literal_size Remote Overflow |
57637 | Sylpheed IMAP Client literal_size Remote Overflow |
50974 | Microsoft Outlook Express InetComm.dll MimeOleClearDirtyTree Function Malform... |
47413 | Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure |
46931 | Microsoft Outlook/Express Unspecified URI Handling Arbitrary Command Injection |
37631 | Microsoft Windows Malformed NNTP Response Remote Memory Corruption |
35346 | Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cr... |
35345 | Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information... |
30821 | Microsoft Outlook Express Windows Address Book Contact Record Code Execution |
25073 | Microsoft IE mhtml: Redirection Domain Restriction Bypass |
24519 | Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow |
18241 | Microsoft Outlook Express begin Keyword Message Handling DoS |
17306 | Microsoft Outlook Express NNTP LIST Command Remote Overflow |
11954 | Microsoft Outlook Express .dbx Deleted E-mail Persistence |
11953 | Microsoft Outlook Express A HREF Link Overflow DoS |
11942 | Microsoft Outlook Express Email Forward Blocked Attachment Access |
11938 | Microsoft Outlook Express Attachment Filename Overflow |
11422 | Microsoft Outlook Express S/MIME Parsing Routine Remote Overflow |
11419 | Microsoft Outlook Express Header Carriage Return Filter Bypass |
11418 | Microsoft Outlook Express text/plain MIME Content Embedded SCRIPT Tag Command... |
ExploitDB Exploits
id | Description |
---|---|
12564 | Microsoft Windows Outlook Express and Windows Mail Integer Overflow |
OpenVAS Exploits
id | Description |
---|---|
2011-01-14 | Name : Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosu... File : nvt/gb_ms07-034.nasl |
2011-01-14 | Name : Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow... File : nvt/gb_ms07-056.nasl |
2010-12-15 | Name : Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089) File : nvt/secpod_ms10-096.nasl |
2010-05-13 | Name : Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerabilit... File : nvt/secpod_ms10-030.nasl |
2008-12-18 | Name : Microsoft Outlook Express Malformed MIME Message DoS Vulnerability File : nvt/gb_ms_outlook_express_dos_vuln.nasl |
2008-08-19 | Name : Security Update for Outlook Express (951066) File : nvt/secpod_ms08-048_900031.nasl |
2005-11-03 | Name : IIS XSS via 404 error File : nvt/iis_xss_404.nasl |
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2010-A-0173 | Microsoft Windows Address Book Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0025845 |
2010-B-0039 | Microsoft Outlook Express and Windows Mail Remote Code Executio Vulnerability Severity: Category II - VMSKEY: V0024168 |
2007-B-0011 | Multiple Vulnerabilities in Microsoft Outlook Express and Windows Mail Severity: Category II - VMSKEY: V0014354 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Address Book file magic detected RuleID : 9639 - Type : FILE-IDENTIFY - Revision : 14 |
2014-01-10 | Microsoft Office Outlook Express NNTP response overflow attempt RuleID : 9431 - Type : FILE-OFFICE - Revision : 15 |
2014-01-10 | Microsoft Windows Address Book Base64 encoded attachment detected RuleID : 6413 - Type : SERVER-MAIL - Revision : 10 |
2014-01-10 | Microsoft Windows Address Book attachment detected RuleID : 6412 - Type : SERVER-MAIL - Revision : 10 |
2017-12-07 | Microsoft Outlook Express mhtml code execution attempt RuleID : 44735 - Type : SERVER-MAIL - Revision : 2 |
2017-12-07 | Microsoft Outlook Express mhtml code execution attempt RuleID : 44734 - Type : SERVER-MAIL - Revision : 2 |
2014-01-10 | Microsoft Internet Explorer Active Setup ActiveX object access RuleID : 4154 - Type : BROWSER-PLUGINS - Revision : 12 |
2015-02-24 | Outlook Express WAB file parsing buffer overflow attempt RuleID : 33198 - Type : OS-WINDOWS - Revision : 2 |
2014-01-10 | Microsoft Windows Address Book file magic detected RuleID : 23722 - Type : FILE-IDENTIFY - Revision : 6 |
2014-01-10 | Outlook Express WAB file parsing buffer overflow attempt RuleID : 18590 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Windows Address Book request for msoeres32.dll over SMB attempt RuleID : 18207 - Type : OS-WINDOWS - Revision : 16 |
2014-01-10 | Microsoft Windows Address Book request for wab32res.dll over SMB attempt RuleID : 18206 - Type : OS-WINDOWS - Revision : 17 |
2014-01-10 | Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt RuleID : 18205 - Type : OS-WINDOWS - Revision : 16 |
2014-01-10 | Microsoft Windows Address Book wab32res.dll dll-load exploit attempt RuleID : 18204 - Type : OS-WINDOWS - Revision : 17 |
2014-01-10 | Microsoft Windows Mail remote code execution attempt RuleID : 16595 - Type : SERVER-MAIL - Revision : 16 |
2014-01-10 | Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overfl... RuleID : 16428 - Type : FILE-OFFICE - Revision : 11 |
2014-01-10 | Microsoft Internet Explorer MHTML zone control bypass attempt RuleID : 13962 - Type : BROWSER-IE - Revision : 12 |
2014-01-10 | XHDR buffer overflow attempt RuleID : 12636 - Type : PROTOCOL-NNTP - Revision : 6 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2010-12-15 | Name: Arbitrary code can be executed on the remote host through Windows Address Book. File: smb_nt_ms10-096.nasl - Type: ACT_GATHER_INFO |
2010-05-11 | Name: An integer overflow vulnerability is present on the remote host due to an iss... File: smb_nt_ms10-030.nasl - Type: ACT_GATHER_INFO |
2008-08-13 | Name: An information disclosure vulnerability is present on the remote host due to ... File: smb_nt_ms08-048.nasl - Type: ACT_GATHER_INFO |
2007-10-09 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms07-056.nasl - Type: ACT_GATHER_INFO |
2007-06-12 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms07-034.nasl - Type: ACT_GATHER_INFO |
2006-12-12 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms06-076.nasl - Type: ACT_GATHER_INFO |
2006-04-11 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms06-016.nasl - Type: ACT_GATHER_INFO |
2005-07-12 | Name: A denial of service attack can be launched against the remote Outlook Express... File: smb_kb900930.nasl - Type: ACT_GATHER_INFO |
2005-06-14 | Name: Arbitrary code can be executed on the remote host through the email client. File: smb_nt_ms05-030.nasl - Type: ACT_GATHER_INFO |
2004-07-13 | Name: It is possible to crash the remote email client. File: smb_nt_ms04-018.nasl - Type: ACT_GATHER_INFO |
2004-04-13 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms04-013.nasl - Type: ACT_GATHER_INFO |
2002-04-11 | Name: The remote web server is affected by multiple vulnerabilities. File: iis_xss_404.nasl - Type: ACT_GATHER_INFO |