Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0567Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Outlook

7 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
18.3%
top 4.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft OutlookMicrosoft Outlook Express
Timeline
PublishedJul 18
Latest updateApr 30

Description

Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/outlook_express4.0, 4.01, 5.0+2
NVDmicrosoft/outlook2000, 97, 98+2

🔴Vulnerability Details

2
GHSA
GHSA-4w6m-4639-4jgr: Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email heade2022-04-30
CVEList
CVE-2000-0567: Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email heade2000-10-13

💥Exploits & PoCs

4
Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion2019-01-18
Exploit-DB
Microsoft Windows Server 2000 - WINS Remote Code Execution2004-12-31
Exploit-DB
Microsoft Outlook 97/98/2000 / Outlook Express 4.0/5.0 - GMT Field Buffer Overflow (2)2000-07-18
Exploit-DB
Microsoft Outlook 97/98/2000 / Outlook Express 4.0/5.0 - GMT Field Buffer Overflow (1)2000-07-18
CVE-2000-0567 — Microsoft Outlook vulnerability | cvebase