CVE-2002-1179

Microsoft Outlook Express <6.0 - RCE

Title source: llm

Description

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Noam Rathaus · perlremotewindows

https://www.exploit-db.com/exploits/21932

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=ntbugtraq&m=103429681123297&w=2

[Mailing List] http://marc.info/?l=ntbugtraq&m=103429637822920&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=103435413105661&w=2

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5944

[Vendor Advisory] http://www.iss.net/security_center/static/10338.php

Scores

EPSS 0.4948

EPSS Percentile 97.8%

Details

Status published

Products (2)

microsoft/outlook_express 5.5

microsoft/outlook_express 6.0

Published Oct 28, 2002

Tracked Since Feb 18, 2026