Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Outlook Express
  • Windows 7
  • Windows Vista
  • Windows Server 2003
  • Windows Mail
  • Windows Xp
  • Windows 2000
  • Windows 2003 Server
  • Windows Live Mail
  • Windows Server 2008

Configuration 1 [-]

AND
OR cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html Exploit
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13 Exploit
http://www.securityfocus.com/bid/40052 Exploit
http://www.us-cert.gov/cas/techalerts/TA10-131A.html US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2010-05-12T01:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2010-03-02T00:00:00

Link: CVE-2010-0816

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-05-12T11:46:51.000

Modified: 2023-12-07T18:38:56.693

Link: CVE-2010-0816

JSON object: View

cve-icon Redhat Information

No data.

CWE