HOME > VULNERABILITY


   VULNERABILITY

 

CERT-In Vulnerability Note CIVN-2010-139
Integer Overflow Vulnerability in Microsoft Outlook Express and Microsoft Windows Mail

Original Issue Date: May 12, 2010

Severity Rating:High

System Affected

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Vista Service Pack 1
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 1
  • Microsoft Windows Vista x64 Edition Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for Itanium-based Systems
  • Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Microsoft Windows 7 for 32-bit Systems
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems

Affected Components

  • Microsoft Outlook Express 5.5 Service Pack 2
  • Microsoft Outlook Express 6 Service Pack 1
  • Microsoft Outlook Express 6
  • Windows Live Mail
  • Windows Mail

Overview

A vulnerability has been reported in Microsoft Outlook Express and Windows Live Mail which could allow an unauthenticated, remote attacker to execute arbitrary code and to take complete control of an affected system.

Description

A remote code execution vulnerability has been reported in Microsoft Outlook Express and Windows Mail. The vulnerability is caused due to insufficient boundary restrictions on data contained within e-mail server responses while processing malicious POP3 or IMAP response. A remote attacker could exploit this vulnerability by convincing a user to connect to a malicious mail server using the affected application. When processing malicious responses sent from the server, the application could cause a buffer overflow, corrupting memory and allow attacker to execute arbitrary code on the system with the privileges of currently logged-in user.

Workaround

  • Use web-based e-mail instead of IMAP or POP3 for checking
    e-mails, if possible.

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS10-030 .

Note:

  • Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2 installed using Server core installation option are not affected with this vulnerability.
  • Microsoft Windows Mail and Microsoft Windows Live Mail are out-of-box components, systems are affected with this vulnerability only if either of these components are installed separately on system.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS10-030.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS10-030.mspx

SecurityFocus 
http://www.securityfocus.com/archive/1/511227

SecurityTracker
http://securitytracker.com/alerts/2010/May/1023972.html

VUPEN 
http://www.vupen.com/english/advisories/2010/1111

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=20427

CVE Name  
CVE-2010-0816

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003