CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3897

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile32.30th
PublishedOct 9, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Outlook Express

<= 6.0
πŸ“¦
Microsoft

Outlook Express

= 6.0
πŸ“¦
Microsoft

Windows Mail

All versions

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607
πŸ”— http://secunia.com/advisories/27112
πŸ”— http://securitytracker.com/id?1018785
πŸ”— http://securitytracker.com/id?1018786
πŸ”— http://www.securityfocus.com/archive/1/481983/100/100/threaded
πŸ”— http://www.securityfocus.com/archive/1/482366/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25908
πŸ”— http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Related Vulnerabilities

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2010-08169.3

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, ...

CVE-2003-13788.8

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute ar...