Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0816

CWE-1894 documents4 sources
Severity
9.3CRITICAL
EPSS
35.4%
top 2.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Outlook Express
Timeline
PublishedMay 12
Latest updateMay 2

Description

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wc77-pp72-82qv: Integer overflow in inetcomm2022-05-02
CVEList
CVE-2010-0816: Integer overflow in inetcomm2010-05-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Outlook Express and Windows Mail - Integer Overflow2010-05-11
CVE-2010-0816 (CRITICAL CVSS 9.3) | Integer overflow in inetcomm.dll in | cvebase.io