TITLE:
Microsoft Outlook Express News Reading Buffer Overflow

SECUNIA ADVISORY ID:
SA15695

VERIFY ADVISORY:
http://secunia.com/advisories/15695/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Outlook Express 6
http://secunia.com/product/102/
Microsoft Outlook Express 5.5
http://secunia.com/product/189/

DESCRIPTION:
A vulnerability has been reported in Microsoft Outlook Express, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the parsing
of NNTP responses when using Outlook Express as a newsgroup reader.
This can be exploited to cause a buffer overflow via a malicious
newsgroup server.

Successful exploitation requires that a user queries a malicious
newsgroup server for news.

SOLUTION:
Apply patches.

Outlook Express 5.5 SP2 on Windows 2000 (requires SP3 or SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=a6932151-2ae2-4c6e-861a-6ff5bde61191

Outlook Express 6 SP1 on Windows 2000 (requires SP3 or SP4) or
Windows XP (requires SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=89e4d8ee-4d8e-4660-a53d-28502b3d2518

Outlook Express 6 SP1 for Windows XP 64-Bit Edition for Itanium
(requires SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=b765c0e1-f4e2-495b-aae5-2db3eeaf71bb

Outlook Express 6 for Windows XP 64-Bit Edition Version 2003 for
Itanium:
http://www.microsoft.com/downloads/details.aspx?familyid=69901ec1-a11f-4135-9874-3698bcf7c760

Outlook Express 6 for Windows Server 2003 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5fc7d68b-92a6-4c03-8d88-b2501aea8da6

Outlook Express 6 for Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=d439eee9-05eb-4ecb-9e86-6259f1acaabb

The vulnerability does not affect the following versions:
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 with SP1 for Itanium-based systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows XP Service Pack 2

PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via iDEFENSE.

ORIGINAL ADVISORY:
MS05-030 (KB897715):
http://www.microsoft.com/technet/security/bulletin/ms05-030.mspx

iDEFENSE:
http://idefense.com/application/poi/display?id=263&type=vulnerabilities

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
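
Added example (not part of the Secunia advisory and not Microsoft's code): the advisory does not say which NNTP response triggers the boundary error, so this C code only illustrates the class of check involved, a client-side parser for an NNTP status line that validates the length before copying into a fixed buffer. The function name, the struct and the buffer size are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define NNTP_TEXT_MAX 64   /* assumed size of the client's fixed text buffer */

/* Hypothetical result type for this example. */
struct nntp_status {
    int  code;                      /* three-digit status, e.g. 211 */
    char text[NNTP_TEXT_MAX];       /* NUL-terminated response text */
};

/*
 * Parse one server line of the form "ddd[ text]\r\n" from an untrusted
 * buffer of len bytes. Returns 0 on success, -1 on malformed input and
 * -2 when the text would not fit; never writes past out->text.
 */
int nntp_parse_status(const char *line, size_t len, struct nntp_status *out)
{
    size_t i, text_len;

    /* Need at least "ddd\r\n", terminated by CRLF inside the buffer. */
    if (len < 5 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return -1;
    len -= 2;                       /* drop the CRLF */

    out->code = 0;
    for (i = 0; i < 3; i++) {
        if (line[i] < '0' || line[i] > '9')
            return -1;
        out->code = out->code * 10 + (line[i] - '0');
    }
    if (out->code < 100 || out->code > 599)
        return -1;

    if (len == 3) {                 /* code only, no text */
        out->text[0] = '\0';
        return 0;
    }
    if (line[3] != ' ')
        return -1;

    text_len = len - 4;
    /* Compare against the destination size before copying, and reject
       the line instead of truncating it silently. */
    if (text_len >= sizeof out->text)
        return -2;
    if (memchr(line + 4, '\0', text_len) != NULL)
        return -1;                  /* embedded NUL from the server */
    memcpy(out->text, line + 4, text_len);
    out->text[text_len] = '\0';
    return 0;
}
```

The caller treats any non-zero return as a protocol error and drops the connection to the server rather than continuing with a partially parsed response.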