OSVDB ID: 64530

Title: Microsoft Outlook Express / Windows Mail STAT Response Overflow

Dates

Disclosure: May 11, 2010
Discovery: Unknown
Exploit: May 11, 2010
Solution: May 11, 2010

Description

Outlook Express and Windows Live Mail are prone to an overflow condition. The application fails to properly sanitize server-supplied input, resulting in an integer overflow. With a specially crafted STAT response, a remote attacker can potentially cause arbitrary code execution.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Outlook Express

2000
XP SP3
2003

Windows Mail

2008

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/64530