Follow:

Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2010-05-11T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Low



On this page




Description

An unauthenticated remote code execution vulnerability exists in the way that Windows Mail Client handles specially crafted mail responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted response to a client initiating a connection to a server under his control using the common mail protocols POP3 and IMAP.



Impact

An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



Technical details (analysis)

The Post Office Protocol 3 (POP3) servers hold incoming e-mail messages until you check your e-mail, at which point they're transferred to your computer. POP3 is the most common account type for personal e-mail. Messages are typically deleted from the server when you check your e-mail. Internet Message Access Protocol 4 (IMAP4) is a protocol for reading mail and accessing public folders on remote servers. Clients can log on to a mail server and use IMAP4 to download message headers and then read messages individually while online. The vulnerability is caused when a common library used by Outlook Express and Windows Mail insufficiently validates network data before using that data to calculate the necessary size of a buffer.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Outlook Express 6 Service Pack 1
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816
Release Date: 2010-05-11T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Use web-based e-mail when possible