Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability

high Nessus Network Monitor Plugin ID 1291

Synopsis

The remote host is vulnerable to a buffer overflow

Description

The remote host is running a version of Outlook Express that contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the current user is possible.

Solution

Microsoft has supplied a patch for 5.5 and 6.0 that may be downloaded from their webpage.

Plugin Details

Severity: High

ID: 1291

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-2002-1179

BID: 5944