9.3

CVE-2010-0816

Exploit

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOutlook Express Version5.5 Updatesp2
   MicrosoftWindows 2000 Updatesp4
MicrosoftOutlook Express Version6.0 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftOutlook Express Version6.0
   MicrosoftWindows Xp Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows Live Mail
   MicrosoftWindows Xp Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftOutlook Express Version6.0
   MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftWindows Live Mail
   MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftOutlook Express Version6.0
   MicrosoftWindows 2003 Server Updatesp2
   MicrosoftWindows 2003 Server Updatesp2 Editionitanium
   MicrosoftWindows Server 2003 Updatesp2
MicrosoftWindows Live Mail
   MicrosoftWindows Server 2008 Editionitanium
   MicrosoftWindows Server 2008 Editionx32
   MicrosoftWindows Server 2008 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionx32
   MicrosoftWindows Server 2008 Updatesp2 Editionx64
   MicrosoftWindows Server 2008 Version- Editionitanium
   MicrosoftWindows Server 2008 Version- Editionx64
   MicrosoftWindows Server 2008 Version- Updategold Editionitanium
   MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
   MicrosoftWindows Server 2008 Version- Updatesp2 Editionx64
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Vista Version- Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Mail
   MicrosoftWindows Server 2008 Editionitanium
   MicrosoftWindows Server 2008 Editionx32
   MicrosoftWindows Server 2008 Editionx64
   MicrosoftWindows Server 2008 Updatesp2 Editionx32
   MicrosoftWindows Server 2008 Updatesp2 Editionx64
   MicrosoftWindows Server 2008 Version- Editionitanium
   MicrosoftWindows Server 2008 Version- Editionx64
   MicrosoftWindows Server 2008 Version- Updategold Editionitanium
   MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
   MicrosoftWindows Server 2008 Version- Updatesp2 Editionx64
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Vista Version- Updatesp1
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Live Mail
   MicrosoftWindows 7 Version-
   MicrosoftWindows Server 2008 Versionr2 Editionitanium
   MicrosoftWindows Server 2008 Versionr2 Editionx64
MicrosoftWindows Mail
   MicrosoftWindows 7 Version-
   MicrosoftWindows Server 2008 Versionr2 Editionitanium
   MicrosoftWindows Server 2008 Versionr2 Editionx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.44% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C