CVE-2010-0816

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html	Exploit
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13	Exploit
http://www.securityfocus.com/bid/40052	Exploit
http://www.us-cert.gov/cas/techalerts/TA10-131A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:microsoft:outlook_express:5.5:sp2::::::
	cpe:2.3:a:microsoft:outlook_express:6.0:sp1::::::

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:microsoft:outlook_express:6.0:::::::*
	cpe:2.3:a:microsoft:windows_live_mail::::::::

OR	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:microsoft:outlook_express:6.0:::::::*
	cpe:2.3:a:microsoft:windows_live_mail::::::::

cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:microsoft:windows_live_mail::::::::
	cpe:2.3:a:microsoft:windows_mail::::::::

OR	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x32:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008:-::itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:-::x64:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

Configuration 6 (hide)

AND

OR	cpe:2.3:a:microsoft:windows_live_mail::::::::
	cpe:2.3:a:microsoft:windows_mail::::::::

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::

History

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64::::: cpe:2.3:o:microsoft:windows_vista::sp1:x64:::::

Information

Published : 2010-05-12 11:46

Updated : 2023-12-10 11:03

NVD link : CVE-2010-0816

Mitre link : CVE-2010-0816

CVE.ORG link : CVE-2010-0816

JSON object : View

Products Affected

microsoft

windows_mail
windows_2000
windows_2003_server
windows_7
outlook_express
windows_server_2003
windows_live_mail
windows_xp
windows_server_2008
windows_vista

CWE

CWE-189

Numeric Errors

9.3 /10