CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-3897

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile32.30th
Published2007年10月9日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

Affected Platforms (CPE)

📦
Microsoft

Outlook Express

<= 6.0
📦
Microsoft

Outlook Express

= 6.0
📦
Microsoft

Windows Mail

All versions

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607
🔗 http://secunia.com/advisories/27112
🔗 http://securitytracker.com/id?1018785
🔗 http://securitytracker.com/id?1018786
🔗 http://www.securityfocus.com/archive/1/481983/100/100/threaded
🔗 http://www.securityfocus.com/archive/1/482366/100/0/threaded
🔗 http://www.securityfocus.com/bid/25908
🔗 http://www.us-cert.gov/cas/techalerts/TA07-282A.html

相關漏洞威脅

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2010-08169.3

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, ...

CVE-2003-13788.8

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute ar...