L
Leythos
MS07-056 : Outlook Express and Windows Mail NNTP Memory Corruption
Vulnerability
Windows ships with either the Outlook Express (OE) or the Windows Mail
(WM) email client to allow you to download and read your email.
According to Microsoft, both these email clients suffer from a memory
corruption vulnerability involving the way they handle the Network News
Transfer Protocol (NNTP) . By enticing one of your users to a specially
designed web page containing NNTP content, an attacker could exploit
this vulnerability to execute code on that user's computer with that
user's privileges. Since typical Windows users have local administrative
privileges, attackers can usually exploit this flaw to gain complete
control of Windows machines.
Microsoft rating: Critical.
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
Vulnerability
Windows ships with either the Outlook Express (OE) or the Windows Mail
(WM) email client to allow you to download and read your email.
According to Microsoft, both these email clients suffer from a memory
corruption vulnerability involving the way they handle the Network News
Transfer Protocol (NNTP) . By enticing one of your users to a specially
designed web page containing NNTP content, an attacker could exploit
this vulnerability to execute code on that user's computer with that
user's privileges. Since typical Windows users have local administrative
privileges, attackers can usually exploit this flaw to gain complete
control of Windows machines.
Microsoft rating: Critical.
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)