Secunia Security Advisory 39766

Secunia Security Advisory 39766: Posted May 11, 2010; Authored by Secunia | Site secunia.com; Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Microsoft Outlook Express and Windows Mail, which can be exploited by malicious people to potentially compromise a user's system.; tags | advisory; systems | windows; SHA-256 | 15879cbeb82f803e03191b6594e48cbea94dd6465cd367c0d573ac50cfb77cec; Download | Favorite | View

Secunia Security Advisory 39766

----------------------------------------------------------------------


Looking for a job?


Secunia is hiring skilled researchers and talented developers.


http://secunia.com/company/jobs/


----------------------------------------------------------------------

TITLE:
Outlook Express / Windows Mail STAT Response Integer Overflow

SECUNIA ADVISORY ID:
SA39766

VERIFY ADVISORY:
http://secunia.com/advisories/39766/

DESCRIPTION:
Francis Provencher has discovered a vulnerability in Microsoft
Outlook Express and Windows Mail, which can be exploited by malicious
people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow when
processing responses received from a POP3 server. This can be
exploited to dereference out-of-bounds memory and potentially trigger
a memory corruption via a specially crafted STAT response.

Successful exploitation may allow execution of arbitrary code, but
requires that the user is tricked into connecting to a malicious POP3
server.

The vulnerability is confirmed in Outlook Express on a fully patched
Windows 2000, Windows XP SP3, and Windows Server 2003, and in Windows
Mail on a fully patched Windows Server 2008. Windows Mail in Windows
Vista is also reportedly affected.

SOLUTION:
Apply patches.

-- Windows 2000 SP4 --

Microsoft Outlook Express 5.5 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=661F5DE3-A593-4961-8E8D-2777797EB5C5

Microsoft Outlook Express 6 SP1 
http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349


-- Windows XP SP2/SP3 --
  
Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703


-- Windows XP Professional x64 Edition SP2 --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF


-- Windows Server 2003 SP2 --

Microsoft Outlook Express 6
http://www.microsoft.com/downloads/details.aspx?familyid=EB9742FC-0934-4B38-9EC4-3597FC71EC00


-- Windows Server 2003 x64 Edition SP2 --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=5678515A-97EA-4E00-8700-D3F2FCDC0EFC


-- Windows Server 2003 with SP2 for Itanium-based Systems --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=60EF635B-CB6D-402F-B904-E69B519D797F


-- Windows Vista SP1/SP2 --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1


-- Windows Vista x64 Edition SP1/SP2 --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5


-- Windows Server 2008 for 32-bit Systems (optionally with SP2) --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C


-- Windows Server 2008 for x64-based Systems (optionally with SP2)
--

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0


-- Windows Server 2008 for Itanium-based Systems (optionally with
SP2) --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076


-- Windows 7 for 32-bit Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947


-- Windows 7 for x64-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE


-- Windows Server 2008 R2 for x64-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150


-- Windows Server 2008 R2 for Itanium-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467

PROVIDED AND/OR DISCOVERED BY:
Francis Provencher, Protek Research Lab's.

CHANGELOG:
2010-05-11: Updated "Extended Description" and added PoC. Updated
"Solution" section. Added additional information provided by
Microsoft.

ORIGINAL ADVISORY:
MS10-030 (KB978542):
http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx

Francis Provencher:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13

OTHER REFERENCES:
Malicious Mail server vulnerability (blog):
http://blogs.technet.com/srd/archive/2010/05/11/ms10-030-malicious-mail-server-vulnerability.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Secunia Security Advisory 39766

Secunia Security Advisory 39766

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 39766

Share This

Secunia Security Advisory 39766

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems