Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1213

5 documents4 sources

Severity

7.5HIGH

EPSS

82.6%

top 0.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Outlook Express

Timeline

PublishedJun 14

Latest updateMay 1

Description

Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/outlook_express5.5, 6.0+1

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmjp-mwh5-92g3: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE↗2022-05-01

▶

CVEList

CVE-2005-1213: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE↗2005-06-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)↗2010-05-09

▶

Exploit-DB

Microsoft Outlook Express - NNTP Buffer Overflow (MS05-030)↗2005-06-24

▶