Outlook Express and Windows Mail NNTP Memory Corruption Vulnerability

Discussion in 'Computer Support' started by Leythos, Oct 10, 2007.

  1. Leythos

    Leythos Guest

    MS07-056 : Outlook Express and Windows Mail NNTP Memory Corruption
    Vulnerability

    Windows ships with either the Outlook Express (OE) or the Windows Mail
    (WM) email client to allow you to download and read your email.
    According to Microsoft, both these email clients suffer from a memory
    corruption vulnerability involving the way they handle the Network News
    Transfer Protocol (NNTP) . By enticing one of your users to a specially
    designed web page containing NNTP content, an attacker could exploit
    this vulnerability to execute code on that user's computer with that
    user's privileges. Since typical Windows users have local administrative
    privileges, attackers can usually exploit this flaw to gain complete
    control of Windows machines.
    Microsoft rating: Critical.


    --
    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website:
    http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
     
    Leythos, Oct 10, 2007
    #1
    1. Advertising

  2. Leythos

    chuckcar Guest

    Leythos <> wrote in
    news::

    > MS07-056 : Outlook Express and Windows Mail NNTP Memory Corruption
    > Vulnerability
    >
    > Windows ships with either the Outlook Express (OE) or the Windows Mail
    > (WM) email client to allow you to download and read your email.
    > According to Microsoft, both these email clients suffer from a memory
    > corruption vulnerability involving the way they handle the Network
    > News Transfer Protocol (NNTP) . By enticing one of your users to a
    > specially designed web page containing NNTP content,


    Is that microsoft's buzzword for mime? god knows they don't do yEnc.

    an attacker could exploit
    > this vulnerability to execute code on that user's computer with that
    > user's privileges. Since typical Windows users have local
    > administrative privileges, attackers can usually exploit this flaw to
    > gain complete control of Windows machines.
    > Microsoft rating: Critical.
    >

    Yet another result of "added capability" not doubt.



    --
    (setq (chuck nil) car(chuck) )
     
    chuckcar, Oct 10, 2007
    #2
    1. Advertising

  3. Leythos

    Meat Plow Guest

    On Tue, 09 Oct 2007 22:19:32 -0400, Leythos wrote:

    > MS07-056 : Outlook Express and Windows Mail NNTP Memory Corruption
    > Vulnerability
    >
    > Windows ships with either the Outlook Express (OE) or the Windows Mail
    > (WM) email client to allow you to download and read your email.
    > According to Microsoft, both these email clients suffer from a memory
    > corruption vulnerability involving the way they handle the Network News
    > Transfer Protocol (NNTP) . By enticing one of your users to a specially
    > designed web page containing NNTP content, an attacker could exploit
    > this vulnerability to execute code on that user's computer with that
    > user's privileges. Since typical Windows users have local administrative
    > privileges, attackers can usually exploit this flaw to gain complete
    > control of Windows machines.
    > Microsoft rating: Critical.


    Wow that sucks for Windoze users.
     
    Meat Plow, Oct 10, 2007
    #3
  4. Leythos

    Guest

    chuckcar <> wrote:

    >> Windows ships with either the Outlook Express (OE) or the Windows Mail
    >> (WM) email client to allow you to download and read your email.
    >> According to Microsoft, both these email clients suffer from a memory
    >> corruption vulnerability involving the way they handle the Network
    >> News Transfer Protocol (NNTP) . By enticing one of your users to a
    >> specially designed web page containing NNTP content,


    >Is that microsoft's buzzword for mime? god knows they don't do yEnc.


    ....Newsgroups http://www.faqs.org/rfcs/rfc977.html
    --

    The universe is about to lose its dimension of time
    http://arxivblog.com/?p=71
    December 2012 mayhaps?
     
    , Oct 10, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Imhotep
    Replies:
    0
    Views:
    482
    Imhotep
    May 27, 2006
  2. imhotep
    Replies:
    0
    Views:
    466
    imhotep
    Jun 9, 2006
  3. imhotep
    Replies:
    0
    Views:
    428
    imhotep
    Jun 21, 2006
  4. imhotep
    Replies:
    0
    Views:
    501
    imhotep
    Jun 23, 2006
  5. imhotep
    Replies:
    0
    Views:
    519
    imhotep
    Jun 23, 2006
Loading...

Share This Page