CVE-2007-3897

Microsoft Outlook Express and Windows Mail - Remote Code Execution via Long NNTP Response

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018785
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/482366/100/0/threaded
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481983/100/100/threaded
Broken Link third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607
Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3436
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018786
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25908
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27112

Scores

EPSS 0.5463
EPSS Percentile 98.9%

Details

CWE
CWE-119
Status published
Products (3)
microsoft/outlook_express 6.0 sp1
microsoft/outlook_express < 6.0
microsoft/windows_mail
Published Oct 09, 2007
Tracked Since Feb 18, 2026