Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1179 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Outlook Express

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

49.5%

top 2.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Outlook Express

Timeline

PublishedOct 28

Latest updateApr 30

Description

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/outlook_express5.5, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-42fg-866w-8hxj: Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5↗2022-04-30

▶

CVEList

CVE-2002-1179: Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow↗2002-10-10

▶