CVE-2010-2728 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Outlook

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
28.4%
top 3.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Outlook
Timeline
PublishedSep 15
Latest updateMay 14

Description

Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDmicrosoft/outlook2002, 2003, 2007+2

🔴Vulnerability Details

2
GHSA
GHSA-7xp6-7877-fr5p: Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote at↗2022-05-14
â–¶
CVEList
CVE-2010-2728: Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote at↗2010-09-15
â–¶

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Fax Services Cover Page Editor - '.cov' Memory Corruption↗2010-12-28
â–¶
CVE-2010-2728 — Microsoft Outlook vulnerability | cvebase