cvelistv5 - cve-2007-3897

CVE-2007-3897 (GCVE-0-2007-3897)

Vulnerability from cvelistv5 – Published: 2007-10-09 22:00 – Updated: 2024-08-07 14:37

Summary

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://securitytracker.com/id?1018785	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/482366/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/482366/100…	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/481983/100…	mailing-listx_refsource_BUGTRAQ
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.vupen.com/english/advisories/2007/3436	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1018786	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/25908	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA07-282A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/27112	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1018785",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018785"
          },
          {
            "name": "HPSBST02280",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "SSRT071480",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1706",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
          },
          {
            "name": "MS07-056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
          },
          {
            "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
          },
          {
            "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
          },
          {
            "name": "ADV-2007-3436",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3436"
          },
          {
            "name": "1018786",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018786"
          },
          {
            "name": "25908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25908"
          },
          {
            "name": "TA07-282A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
          },
          {
            "name": "27112",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1018785",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018785"
        },
        {
          "name": "HPSBST02280",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
        },
        {
          "name": "SSRT071480",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1706",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
        },
        {
          "name": "MS07-056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
        },
        {
          "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
        },
        {
          "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
        },
        {
          "name": "ADV-2007-3436",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3436"
        },
        {
          "name": "1018786",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018786"
        },
        {
          "name": "25908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25908"
        },
        {
          "name": "TA07-282A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
        },
        {
          "name": "27112",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3897",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1018785",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018785"
            },
            {
              "name": "HPSBST02280",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "SSRT071480",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1706",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
            },
            {
              "name": "MS07-056",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
            },
            {
              "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
            },
            {
              "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
            },
            {
              "name": "ADV-2007-3436",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3436"
            },
            {
              "name": "1018786",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018786"
            },
            {
              "name": "25908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25908"
            },
            {
              "name": "TA07-282A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
            },
            {
              "name": "27112",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-3897",
    "datePublished": "2007-10-09T22:00:00",
    "dateReserved": "2007-07-19T00:00:00",
    "dateUpdated": "2024-08-07T14:37:05.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0\", \"matchCriteriaId\": \"78A15125-6A2E-4818-9FF5-BA44A5C55E54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D45F2775-A10B-4834-A2EF-7498EEAB155D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*\", \"matchCriteriaId\": \"3756D077-E4E7-4DF2-9342-17B80671C2E9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria en Microsoft Outlook Express versi\\u00f3n 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol  (NNTP) ejecuten c\\u00f3digo arbitrario por medio  de las respuestas NNTP largas que desencadenan una corrupci\\u00f3n de la memoria.\"}]",
      "id": "CVE-2007-3897",
      "lastModified": "2024-11-21T00:34:19.600",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-09T22:17:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/27112\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018785\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://securitytracker.com/id?1018786\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/481983/100/100/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482366/100/0/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482366/100/0/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/25908\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3436\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/27112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://securitytracker.com/id?1018786\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/481983/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482366/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482366/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/25908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3436\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3897\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-10-09T22:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Microsoft Outlook Express versi\u00f3n 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol  (NNTP) ejecuten c\u00f3digo arbitrario por medio  de las respuestas NNTP largas que desencadenan una corrupci\u00f3n de la memoria.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"78A15125-6A2E-4818-9FF5-BA44A5C55E54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D45F2775-A10B-4834-A2EF-7498EEAB155D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*\",\"matchCriteriaId\":\"3756D077-E4E7-4DF2-9342-17B80671C2E9\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/27112\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018785\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1018786\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/481983/100/100/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/25908\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3436\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/27112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1018786\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/481983/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482366/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/25908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-282A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2007-3897

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3897

Aliases

CVE-2007-3897

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3897",
    "description": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",
    "id": "GSD-2007-3897"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3897"
      ],
      "details": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",
      "id": "GSD-2007-3897",
      "modified": "2023-12-13T01:21:42.096422Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-3897",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1018785",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018785"
          },
          {
            "name": "HPSBST02280",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "SSRT071480",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1706",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
          },
          {
            "name": "MS07-056",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
          },
          {
            "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
          },
          {
            "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
          },
          {
            "name": "ADV-2007-3436",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3436"
          },
          {
            "name": "1018786",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018786"
          },
          {
            "name": "25908",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25908"
          },
          {
            "name": "TA07-282A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
          },
          {
            "name": "27112",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27112"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3897"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "refsource": "IDEFENSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
            },
            {
              "name": "TA07-282A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
            },
            {
              "name": "25908",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/25908"
            },
            {
              "name": "1018785",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1018785"
            },
            {
              "name": "1018786",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1018786"
            },
            {
              "name": "27112",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27112"
            },
            {
              "name": "ADV-2007-3436",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3436"
            },
            {
              "name": "oval:org.mitre.oval:def:1706",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
            },
            {
              "name": "MS07-056",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
            },
            {
              "name": "HPSBST02280",
              "refsource": "HP",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-10-09T22:53Z",
      "publishedDate": "2007-10-09T22:17Z"
    }
  }
}

GHSA-XCPQ-CC29-8FCH

Vulnerability from github – Published: 2022-05-01 18:18 – Updated: 2022-05-01 18:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-09T22:17:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",
  "id": "GHSA-xcpq-cc29-8fch",
  "modified": "2022-05-01T18:18:29Z",
  "published": "2022-05-01T18:18:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3897"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27112"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018785"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018786"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25908"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3436"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-431

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans les clients de messagerie Microsoft Outlook Express et Windows Mail. Elle concerne l'interprétation de trames du protocole NNTP. L'exploitation de cette dernière, à distance et par le biais de paquets spécialement construits, peut provoquer l'exécution de code arbitraire sur le système vulnérable.

Description

Une vulnérabilité a été identifiée dans les clients de messagerie Microsoft Outlook Express et Windows Mail. Elle concerne l'interprétation de trames du protocole NNTP (pour Network News Transfer Protocol). Ce dernier est utilisé pour échanger des informations de type news. Il a été initialement présenté dans le standard RFC 977 (1986), lui-même remplacé par le plus récent RFC 3977 (2006). Les ports TCP couramment utilisés pour les échanges de données sont 119/TCP et 563/TCP (NNTPS).

L'exploitation de cette vulnérabilité, à distance et par le biais de paquets spécialement construits, peut provoquer l'exécution de code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité MS07-056 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Microsoft Outlook Express 6 ;
Microsoft Outlook Express 6 Service Pack 1 ;
Microsoft Outlook Express 5.5 Service Pack 2 ;
Windows Mail (Vista).

Cela concerne donc les versions Outlook Express 6 (Service Pack 1 inclus).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-056 du 09 octobre 2007	None	vendor-advisory
RFC 3977, "Network News Transfer Protocol (NNTP)", October 2006 :	-	other
RFC 977, "Network News Transfer Protocol, A Proposed Standard for the Stream-Based Transmission of News", February 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Outlook Express 6 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Outlook Express 6 Service Pack 1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Outlook Express 5.5 Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Mail (Vista).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eCela concerne donc les versions Outlook Express 6 (Service  Pack 1 inclus).\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les clients de messagerie\nMicrosoft Outlook Express et Windows Mail. Elle concerne\nl\u0027interpr\u00e9tation de trames du protocole NNTP (pour Network News Transfer\nProtocol). Ce dernier est utilis\u00e9 pour \u00e9changer des informations de type\nnews. Il a \u00e9t\u00e9 initialement pr\u00e9sent\u00e9 dans le standard RFC 977 (1986),\nlui-m\u00eame remplac\u00e9 par le plus r\u00e9cent RFC 3977 (2006). Les ports TCP\ncouramment utilis\u00e9s pour les \u00e9changes de donn\u00e9es sont 119/TCP et 563/TCP\n(NNTPS).\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9, \u00e0 distance et par le biais de\npaquets sp\u00e9cialement construits, peut provoquer l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-056 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3897"
    }
  ],
  "links": [
    {
      "title": "RFC 3977, \"Network News Transfer Protocol (NNTP)\", October    2006 :",
      "url": "http://tools.ietf.org/rfc/rfc3977.txt"
    },
    {
      "title": "RFC 977, \"Network News Transfer Protocol, A Proposed    Standard for the Stream-Based Transmission of News\", February    2006 :",
      "url": "http://tools.ietf.org/rfc/rfc977.txt"
    }
  ],
  "reference": "CERTA-2007-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les clients de messagerie\nMicrosoft Outlook Express et Windows Mail. Elle concerne\nl\u0027interpr\u00e9tation de trames du protocole NNTP. L\u0027exploitation de cette\nderni\u00e8re, \u00e0 distance et par le biais de paquets sp\u00e9cialement construits,\npeut provoquer l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "VUln\u00e9rabilit\u00e9 dans Microsoft Outlook Express et Windows Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-056 du 09 octobre 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-056.mspx"
    }
  ]
}

CERTA-2007-AVI-431

Vulnerability from certfr_avis - Published: - Updated:

Description

L'exploitation de cette vulnérabilité, à distance et par le biais de paquets spécialement construits, peut provoquer l'exécution de code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité MS07-056 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Microsoft Outlook Express 6 ;
Microsoft Outlook Express 6 Service Pack 1 ;
Microsoft Outlook Express 5.5 Service Pack 2 ;
Windows Mail (Vista).

Cela concerne donc les versions Outlook Express 6 (Service Pack 1 inclus).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-056 du 09 octobre 2007	None	vendor-advisory
RFC 3977, "Network News Transfer Protocol (NNTP)", October 2006 :	-	other
RFC 977, "Network News Transfer Protocol, A Proposed Standard for the Stream-Based Transmission of News", February 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Outlook Express 6 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Outlook Express 6 Service Pack 1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Outlook Express 5.5 Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Mail (Vista).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eCela concerne donc les versions Outlook Express 6 (Service  Pack 1 inclus).\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les clients de messagerie\nMicrosoft Outlook Express et Windows Mail. Elle concerne\nl\u0027interpr\u00e9tation de trames du protocole NNTP (pour Network News Transfer\nProtocol). Ce dernier est utilis\u00e9 pour \u00e9changer des informations de type\nnews. Il a \u00e9t\u00e9 initialement pr\u00e9sent\u00e9 dans le standard RFC 977 (1986),\nlui-m\u00eame remplac\u00e9 par le plus r\u00e9cent RFC 3977 (2006). Les ports TCP\ncouramment utilis\u00e9s pour les \u00e9changes de donn\u00e9es sont 119/TCP et 563/TCP\n(NNTPS).\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9, \u00e0 distance et par le biais de\npaquets sp\u00e9cialement construits, peut provoquer l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-056 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3897"
    }
  ],
  "links": [
    {
      "title": "RFC 3977, \"Network News Transfer Protocol (NNTP)\", October    2006 :",
      "url": "http://tools.ietf.org/rfc/rfc3977.txt"
    },
    {
      "title": "RFC 977, \"Network News Transfer Protocol, A Proposed    Standard for the Stream-Based Transmission of News\", February    2006 :",
      "url": "http://tools.ietf.org/rfc/rfc977.txt"
    }
  ],
  "reference": "CERTA-2007-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les clients de messagerie\nMicrosoft Outlook Express et Windows Mail. Elle concerne\nl\u0027interpr\u00e9tation de trames du protocole NNTP. L\u0027exploitation de cette\nderni\u00e8re, \u00e0 distance et par le biais de paquets sp\u00e9cialement construits,\npeut provoquer l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "VUln\u00e9rabilit\u00e9 dans Microsoft Outlook Express et Windows Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-056 du 09 octobre 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-056.mspx"
    }
  ]
}

FKIE_CVE-2007-3897

Vulnerability from fkie_nvd - Published: 2007-10-09 22:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607	Broken Link
secure@microsoft.com	http://secunia.com/advisories/27112	Third Party Advisory
secure@microsoft.com	http://securitytracker.com/id?1018785	Third Party Advisory, VDB Entry
secure@microsoft.com	http://securitytracker.com/id?1018786	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/archive/1/481983/100/100/threaded	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/archive/1/482366/100/0/threaded	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/bid/25908	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-282A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/3436	Permissions Required, Third Party Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27112	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018785	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018786	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481983/100/100/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482366/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25908	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-282A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3436	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	outlook_express	*
microsoft	outlook_express	6.0
microsoft	windows_mail	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78A15125-6A2E-4818-9FF5-BA44A5C55E54",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D45F2775-A10B-4834-A2EF-7498EEAB155D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*",
              "matchCriteriaId": "3756D077-E4E7-4DF2-9342-17B80671C2E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Microsoft Outlook Express versi\u00f3n 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol  (NNTP) ejecuten c\u00f3digo arbitrario por medio  de las respuestas NNTP largas que desencadenan una corrupci\u00f3n de la memoria."
    }
  ],
  "id": "CVE-2007-3897",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-09T22:17:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27112"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018785"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018786"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25908"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3436"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3897 (GCVE-0-2007-3897)

GSD-2007-3897

GHSA-XCPQ-CC29-8FCH

CERTA-2007-AVI-431

Description

Solution

CERTA-2007-AVI-431

Description

Solution

FKIE_CVE-2007-3897

Tags

Sightings

Nomenclature