|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
A remote overflow exists in Windows. Outlook Express fails to validate results returned by an NNTP server to a LIST command before passing it to MSOE.DLL, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution as the user resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability on most affected platforms. Microsoft has not released a patch for Windows 98, 98SE, or ME.
|
|
Products |
|
Windows
 |
2000 SP3 |
2000 SP4 |
XP 64-Bit SP1 |
XP 64-Bit Edition 2003 |
98 |
98 SE |
ME |
Windows Server
|
2003 for Itanium |
2003 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
