Vulnerability Name: CVE-2010-0816 (CCN-58172)
Assigned: 2010-05-11
Published: 2010-05-11
Updated: 2019-02-26
Summary: Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

CVSS v3 Severity:
10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

CVSS v2 Severity:
9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access

References:
Source: BUGTRAQ Type: Exploit
20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow
Source: MITRE Type: CNA
CVE-2010-0816
Source: CCN Type: SA39766
Outlook Express / Windows Mail STAT Response Integer Overflow
Source: CCN Type: Microsoft Security Bulletin MS10-030
Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
Source: CCN Type: Protek Research Lab's
{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow
Source: MISC Type: Exploit
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13
Source: CCN Type: BID-39927
Microsoft Outlook Express And Windows Mail Common Library Integer Overflow Vulnerability
Source: BID Type: Exploit
40052
Source: CCN Type: BID-40052
RETIRED: Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
Source: CERT Type: US Government Resource
TA10-131A
Source: MS Type: UNKNOWN
MS10-030
Source: XF Type: UNKNOWN
ms-outlook-mail-client-overflow(58172)
Source: OVAL Type: UNKNOWN
oval:org.mitre.oval:def:6734

Vulnerable Configuration:
Configuration 1:
  cpe:/a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
  OR cpe:/a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Configuration 2:
  cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  OR cpe:/a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Configuration 3:
  cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  OR cpe:/a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Configuration 4:
  cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Configuration 5:
  cpe:/a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
  OR cpe:/a:microsoft:windows_mail:*:*:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Configuration 6:
  cpe:/a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*
  OR cpe:/a:microsoft:windows_mail:*:*:*:*:*:*:*:*
  AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
  OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
Configuration CCN 1:
  cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  OR cpe:/a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
  OR cpe:/a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
  OR cpe:/a:microsoft:windows_mail:*:*:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*
  AND cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:*
  OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows_7:-:-:*:*:ultimate_n:*:x64:*
  OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:*
  OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
  OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*

microsoft outlook express 5.5 sp2
microsoft outlook express 6.0 sp1
microsoft windows 2000 * sp4
microsoft outlook express 6.0
microsoft windows live mail *
microsoft windows xp * sp2
microsoft windows xp * sp3
microsoft outlook express 6.0
microsoft windows live mail *
microsoft windows xp - sp2
microsoft outlook express 6.0
microsoft windows 2003 server * sp2
microsoft windows 2003 server * sp2
microsoft windows server 2003 * sp2
microsoft windows live mail *
microsoft windows mail *
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 * sp2
microsoft windows server 2008 * sp2
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows server 2008 - gold
microsoft windows server 2008 - sp2
microsoft windows server 2008 - sp2
microsoft windows vista * sp1
microsoft windows vista * sp1
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows vista - sp1
microsoft windows vista - sp2
microsoft windows live mail *
microsoft windows mail *
microsoft windows 7 -
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft outlook express 6.0
microsoft outlook express 6.0 sp1
microsoft outlook express 5.5 sp2
microsoft windows mail *
microsoft windows server 2008 -
microsoft windows server 2008
microsoft windows 2000 - sp4
microsoft windows xp sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows xp sp2
microsoft windows vista - sp1
microsoft windows vista - sp1
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft windows vista - sp2
microsoft windows vista - sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7 -
microsoft windows 7 -
microsoft windows server 2008 - r2
microsoft windows server 2008 r2