Vulnerabilities > CVE-2010-0816 - Numeric Errors vulnerability in Microsoft Outlook Express, Windows Live Mail and Windows Mail

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

CWE-189

nessus

exploit available

NVD

Published: 2010-05-12

Updated: 2023-12-07

Summary

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Microsoft Windows Live Mail * Microsoft Windows Mail *	5
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows XP - Microsoft Windows 2003 Server * Microsoft Windows Server 2003 * Microsoft Windows Server 2008 * Microsoft Windows Server 2008 - Microsoft Windows Server 2008 R2 Microsoft Windows Vista * Microsoft Windows Vista - Microsoft Windows 7 -	24

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Microsoft Windows Outlook Express and Windows Mail Integer Overflow. CVE-2010-0816. Dos exploit for windows platform
id	EDB-ID:12564
last seen	2016-02-01
modified	2010-05-11
published	2010-05-11
reporter	Francis Provencher
source	https://www.exploit-db.com/download/12564/
title	Microsoft Windows Outlook Express and Windows Mail Integer Overflow

Msbulletin

bulletin_id	MS10-030
bulletin_url
date	2010-05-11T00:00:00
impact	Remote Code Execution
knowledgebase_id	978542
knowledgebase_url
severity	Critical
title	Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS10-030.NASL
description	The remote host is running a version of Microsoft Outlook Express / Windows Mail that contains a flaw that could be used to cause an integer overflow, resulting in remote code execution. To exploit this flaw, an attacker would need a victim to connect to a mail server under their control and send malicious responses to the victim
last seen	2020-06-01
modified	2020-06-02
plugin id	46312
published	2010-05-11
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/46312
title	MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(46312); script_version("1.21"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2010-0816"); script_bugtraq_id(39927); script_xref(name:"IAVB", value:"2010-B-0039"); script_xref(name:"MSFT", value:"MS10-030"); script_xref(name:"MSKB", value:"978542"); script_name(english:"MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)"); script_summary(english:"Checks version of Inetcomm.dll"); script_set_attribute(attribute:"synopsis", value: "An integer overflow vulnerability is present on the remote host due to an issue in Outlook Express / Windows Mail."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Microsoft Outlook Express / Windows Mail that contains a flaw that could be used to cause an integer overflow, resulting in remote code execution. To exploit this flaw, an attacker would need a victim to connect to a mail server under their control and send malicious responses to the victim's email client."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-030"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Outlook Express and Windows Mail."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS10-030'; kbs = make_list("978542"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'1,2', win7:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); kb = '978542'; if ( hotfix_is_vulnerable(os:"6.1", sp:0, file:"Inetcomm.dll", version:"6.1.7600.16543", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:0, file:"Inetcomm.dll", version:"6.1.7600.20659", min_version:"6.1.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Inetcomm.dll", version:"6.0.6001.18416", min_version:"6.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Inetcomm.dll", version:"6.0.6001.22621", min_version:"6.0.6001.22000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Inetcomm.dll", version:"6.0.6002.18197", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Inetcomm.dll", version:"6.0.6002.22325", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:2, file:"Inetcomm.dll", version:"6.0.3790.4657", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Inetcomm.dll", version:"6.0.2900.3664", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:3, file:"Inetcomm.dll", version:"6.0.2900.5931", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Inetcomm.dll", version:"6.0.2800.2001", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Inetcomm.dll", version:"5.50.5010.200", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/MS10-030", value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2014-08-18T04:06:18.815-04:00

class

vulnerability

contributors

name Dragos Prisaca
organization Symantec Corporation
name Dragos Prisaca
organization Symantec Corporation
name Chandan S
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Microsoft Outlook Express 5.5 SP2 is installed.
oval oval:org.mitre.oval:def:504
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Microsoft Outlook Express 6 SP1 is installed.
oval oval:org.mitre.oval:def:488
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Server 2003 (ia64) Gold is installed
oval oval:org.mitre.oval:def:396
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows Mail is installed
oval oval:org.mitre.oval:def:2058

description

family

windows

oval:org.mitre.oval:def:6734

status

accepted

submitted

2010-05-11T13:00:00

title

Outlook Express and Windows Mail Integer Overflow Vulnerability

version

Packetstorm

data source	https://packetstormsecurity.com/files/download/89398/moe-overflow.txt
id	PACKETSTORM:89398
last seen	2016-12-05
published	2010-05-12
reporter	Francis Provencher
source	https://packetstormsecurity.com/files/89398/Microsoft-Windows-Outlook-Express-And-Windows-Mail-Integer-Overflow.html
title	Microsoft Windows Outlook Express And Windows Mail Integer Overflow

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:19583
last seen	2017-11-19
modified	2010-05-11
published	2010-05-11
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-19583
title	Microsoft Windows Outlook Express and Windows Mail Integer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Msbulletin

Nessus

Oval

Packetstorm

Seebug

References