CVE-2013-3870Double Free in Microsoft Outlook

CWE-3993 documents3 sources
Severity
9.3CRITICALNVD
EPSS
36.7%
top 2.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Outlook
Timeline
PublishedSep 11
Latest updateMay 14

Description

Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/outlook2007, 2010+1

🔴Vulnerability Details

2
GHSA
GHSA-m4gr-fj9h-9vrx: Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many neste2022-05-14
CVEList
CVE-2013-3870: Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many neste2013-09-11
CVE-2013-3870 — Double Free in Microsoft Outlook | cvebase