Executive Summary

Informations
Name MS05-030 First vendor Publication N/A
Vendor Microsoft Last vendor Modification N/A
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Security Update in Outlook Express (897715)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1088
 
Oval ID: oval:org.mitre.oval:def:1088
Title: Microsoft Outlook Express 5.5,SP2 News Reading Vulnerability
Description: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1213
Version: 1
Platform(s): Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Product(s): Microsoft Outlook Express
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:167
 
Oval ID: oval:org.mitre.oval:def:167
Title: Microsoft Outlook Express 6,2003 News Reading Vulnerability
Description: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1213
Version: 1
Platform(s): Microsoft Windows Server 2003
Product(s): Microsoft Outlook Express
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:989
 
Oval ID: oval:org.mitre.oval:def:989
Title: Microsoft Outlook Express 6,SP1 News Reading Vulnerability
Description: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Family: windows Class: vulnerability
Reference(s): CVE-2005-1213
Version: 3
Platform(s): Microsoft Windows XP
Product(s): Microsoft Outlook Express
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

SAINT Exploits

Description Link
Outlook Express NNTP LIST buffer overflow More info here

ExploitDB Exploits

id Description
2010-05-09 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
2005-06-24 MS Outlook Express NNTP Buffer Overflow Exploit (MS05-030)

Open Source Vulnerability Database (OSVDB)

Id Description
17306 Microsoft Outlook Express NNTP LIST Command Remote Overflow

A remote overflow exists in Windows. Outlook Express fails to validate results returned by an NNTP server to a LIST command before passing it to MSOE.DLL, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution as the user resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office Outlook Express NNTP response overflow attempt
RuleID : 9431 - Revision : 15 - Type : FILE-OFFICE

Metasploit Database

id Description
2005-06-14 MS05-030 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow

Nessus® Vulnerability Scanner

Date Description
2005-07-12 Name : A denial of service attack can be launched against the remote Outlook Express...
File : smb_kb900930.nasl - Type : ACT_GATHER_INFO
2005-06-14 Name : Arbitrary code can be executed on the remote host through the email client.
File : smb_nt_ms05-030.nasl - Type : ACT_GATHER_INFO
2004-07-13 Name : It is possible to crash the remote email client.
File : smb_nt_ms04-018.nasl - Type : ACT_GATHER_INFO
2004-04-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms04-013.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2020-05-23 13:17:12
  • Multiple Updates
2014-02-17 11:45:12
  • Multiple Updates
2014-01-19 21:29:55
  • Multiple Updates