what you don't know can hurt you

Secunia Security Advisory 39766

Secunia Security Advisory 39766
Posted May 11, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Microsoft Outlook Express and Windows Mail, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
systems | windows
MD5 | ad88a4ec2a50d0d690478bca8509792b

Secunia Security Advisory 39766

Change Mirror Download
----------------------------------------------------------------------


Looking for a job?


Secunia is hiring skilled researchers and talented developers.


http://secunia.com/company/jobs/


----------------------------------------------------------------------

TITLE:
Outlook Express / Windows Mail STAT Response Integer Overflow

SECUNIA ADVISORY ID:
SA39766

VERIFY ADVISORY:
http://secunia.com/advisories/39766/

DESCRIPTION:
Francis Provencher has discovered a vulnerability in Microsoft
Outlook Express and Windows Mail, which can be exploited by malicious
people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow when
processing responses received from a POP3 server. This can be
exploited to dereference out-of-bounds memory and potentially trigger
a memory corruption via a specially crafted STAT response.

Successful exploitation may allow execution of arbitrary code, but
requires that the user is tricked into connecting to a malicious POP3
server.

The vulnerability is confirmed in Outlook Express on a fully patched
Windows 2000, Windows XP SP3, and Windows Server 2003, and in Windows
Mail on a fully patched Windows Server 2008. Windows Mail in Windows
Vista is also reportedly affected.

SOLUTION:
Apply patches.

-- Windows 2000 SP4 --

Microsoft Outlook Express 5.5 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=661F5DE3-A593-4961-8E8D-2777797EB5C5

Microsoft Outlook Express 6 SP1
http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349


-- Windows XP SP2/SP3 --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703


-- Windows XP Professional x64 Edition SP2 --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF


-- Windows Server 2003 SP2 --

Microsoft Outlook Express 6
http://www.microsoft.com/downloads/details.aspx?familyid=EB9742FC-0934-4B38-9EC4-3597FC71EC00


-- Windows Server 2003 x64 Edition SP2 --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=5678515A-97EA-4E00-8700-D3F2FCDC0EFC


-- Windows Server 2003 with SP2 for Itanium-based Systems --

Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?familyid=60EF635B-CB6D-402F-B904-E69B519D797F


-- Windows Vista SP1/SP2 --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1


-- Windows Vista x64 Edition SP1/SP2 --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5


-- Windows Server 2008 for 32-bit Systems (optionally with SP2) --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C


-- Windows Server 2008 for x64-based Systems (optionally with SP2)
--

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0


-- Windows Server 2008 for Itanium-based Systems (optionally with
SP2) --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076


-- Windows 7 for 32-bit Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947


-- Windows 7 for x64-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE


-- Windows Server 2008 R2 for x64-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150


-- Windows Server 2008 R2 for Itanium-based Systems --

Windows Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467

Windows Live Mail:
http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467

PROVIDED AND/OR DISCOVERED BY:
Francis Provencher, Protek Research Lab's.

CHANGELOG:
2010-05-11: Updated "Extended Description" and added PoC. Updated
"Solution" section. Added additional information provided by
Microsoft.

ORIGINAL ADVISORY:
MS10-030 (KB978542):
http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx

Francis Provencher:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13

OTHER REFERENCES:
Malicious Mail server vulnerability (blog):
http://blogs.technet.com/srd/archive/2010/05/11/ms10-030-malicious-mail-server-vulnerability.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close