Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-056.

Impact

Successful exploitation leads to cause a heap-based buffer overflow by returning more data than requested by the client. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx

Insight

The flaw is due to a boundary error in 'inetcomm.dll' when processing NNTP (Network News Transfer Protocol) responses.

Affected

Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2000 ervice Pack 4 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista

References

http://secunia.com/advisories/27112
http://securitytracker.com/alerts/2007/Oct/1018785.html
http://securitytracker.com/alerts/2007/Oct/1018786.html
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3897
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
Checks for MS HOTFIX for snmp buffer overruns
Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)

Take action and discover your vulnerabilities