Signature Detail

NNTP: Outlook Express NNTP XHDR Response Overflow

This signature detects attempts to exploit a known vulnerability in the Outlook Express. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Extended Description

Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

Affected Products

• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft Outlook Express 5.5 SP2
• Microsoft Outlook Express 6.0
• Microsoft Outlook Express 6.0 SP1
• Microsoft Windows Mail
• Nortel Networks Centrex IP Client Manager
• Nortel Networks Centrex IP Element Manager
• Nortel Networks Circuit Switching
• Nortel Networks Integrated Access - Cable
• Nortel Networks Packet Transit - IP
• Nortel Networks Universal Access - IP

References

• BugTraq: 25908
• CVE: CVE-2007-3897