TITLE: Microsoft Outlook Express News Reading Buffer Overflow SECUNIA ADVISORY ID: SA15695
VERIFY ADVISORY: http://secunia.com/advisories/15695/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Outlook Express 6 http://secunia.com/product/102/ Microsoft Outlook Express 5.5 http://secunia.com/product/189/ DESCRIPTION: A vulnerability has been reported in Microsoft Outlook Express, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the parsing of NNTP responses when using Outlook Express as a newsgroup reader. This can be exploited to cause a buffer overflow via a malicious newsgroup server. Successful exploitation requires that a user queries a malicious newsgroup server for news. SOLUTION: Apply patches. Outlook Express 5.5 SP2 on Windows 2000 (requires SP3 or SP4): http://www.microsoft.com/downloads/details.aspx?FamilyId=a6932151-2ae2-4c6e-861a-6ff5bde61191 Outlook Express 6 SP1 on Windows 2000 (requires SP3 or SP4) or Windows XP (requires SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=89e4d8ee-4d8e-4660-a53d-28502b3d2518 Outlook Express 6 SP1 for Windows XP 64-Bit Edition for Itanium (requires SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=b765c0e1-f4e2-495b-aae5-2db3eeaf71bb Outlook Express 6 for Windows XP 64-Bit Edition Version 2003 for Itanium: http://www.microsoft.com/downloads/details.aspx?familyid=69901ec1-a11f-4135-9874-3698bcf7c760 Outlook Express 6 for Windows Server 2003 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=5fc7d68b-92a6-4c03-8d88-b2501aea8da6 Outlook Express 6 for Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=d439eee9-05eb-4ecb-9e86-6259f1acaabb The vulnerability does not affect the following versions: * Microsoft Windows Server 2003 Service Pack 1 * Microsoft Windows Server 2003 with SP1 for Itanium-based systems * Microsoft Windows Server 2003 x64 Edition * Microsoft Windows XP Professional x64 Edition * Microsoft Windows XP Service Pack 2 ORIGINAL ADVISORY: MS05-030 (KB897715): http://www.microsoft.com/technet/security/bulletin/ms05-030.mspx iDEFENSE: http://idefense.com/application/poi/display?id=263&type=vulnerabilities ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
