Signature Detail

POP3: Microsoft Outlook Express Crafted Server Response

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook Express and Windows Mail. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Outlook Express and Windows Mail are prone to a remote integer-overflow vulnerability because the applications fail to perform boundary checks on integer values. Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Outlook Express 5.5
• Microsoft Outlook Express 5.5 SP1
• Microsoft Outlook Express 5.5 SP2
• Microsoft Outlook Express 6.0
• Microsoft Outlook Express 6.0 SP1
• Microsoft Windows Live Mail
• Microsoft Windows Mail

References

• BugTraq: 39927
• CVE: CVE-2010-0816
• URL: http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx