CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-056 | Security Update for Outlook Express and Windows Mail(941202) | Microsoft Outlook | Critical | 11-10-2007 |
Technical Information
Brief overview of the risk:
This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response.
Detailed Information on the risk:
A remote code execution vulnerability exists in Outlook Express and Windows Mail for Microsoft Vista, due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.Further information on this exploit is available at : MS07-056
Affected Software
Microsoft Outlook Express 5.5 Service Pack 2 (Microsoft Windows 2000 Service Pack 4)Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 Service Pack 2)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 x64 Edition)
Microsoft Outlook Express 6.0 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
Microsoft Outlook Express 6.0 (Microsoft Windows XP Service Pack 2)
Microsoft Outlook Express 6.0 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Windows Mail (Windows Vista x64 Edition)
Windows Mail (Windows Vista)