Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-056.

Impact

Successful exploitation leads to cause a heap-based buffer overflow by returning more data than requested by the client. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx

Insight

The flaw is due to a boundary error in 'inetcomm.dll' when processing NNTP (Network News Transfer Protocol) responses.

Affected

Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2000 ervice Pack 4 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista

References

http://secunia.com/advisories/27112
http://securitytracker.com/alerts/2007/Oct/1018785.html
http://securitytracker.com/alerts/2007/Oct/1018786.html
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3897

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (958215)
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Cumulative Security Update for Internet Explorer (939653)
Cumulative Security Update for Internet Explorer (953838)

Take action and discover your vulnerabilities