CVE-2005-4840

Outlook Express Address Book Control - Denial of Service via COM Object Instantiation

Title source: llm
STIX 2.1

Description

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470694/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26836
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34755
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/391803

Scores

EPSS 0.1152
EPSS Percentile 95.5%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/outlook_express_book_control
Published Dec 31, 2005
Tracked Since Feb 18, 2026