// For flags

CVE-2010-0816

Microsoft Windows Outlook Express and Windows Mail - Integer Overflow

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

Un desbordamiento de entero en inetcomm.dll en Microsoft Outlook Express v5.5 Service Pack 2, v6 y v6 SP1, Windows Live Mail en Windows XP SP2 y SP3, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7, y Windows Mail en Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7 permite ejecutar, a los servidores de correo electrónico remoto y los atacantes "man-in-the-middle", código de su elección a través de una respuesta (1) POP3 o ( 2) IMAP debidamente modificada, como lo demuestra una respuesta + OK en el puerto TCP 110. Esta vulnerabilidad también es conocida como "Vulnerabilidad de desbordamiento de Entero de Outlook Express y Windows Mail."

Microsoft Windows Outlook Express and Windows Mail suffer from an integer overflow vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-02 CVE Reserved
  • 2010-05-11 First Exploit
  • 2010-05-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
5.5
Search vendor "Microsoft" for product "Outlook Express" and version "5.5"
sp2
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
sp1
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
-sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
-sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
*sp2, itanium
Safe
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*x32
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*sp2, x32
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-gold, itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-sp2, itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp1
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
-sp1
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
-sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*x32
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*sp2, x32
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-gold, itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-sp2, itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
-sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp1
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
-sp1
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
-sp2
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows 7
Search vendor "Microsoft" for product "Windows 7"
--
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Live Mail
Search vendor "Microsoft" for product "Windows Live Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
x64
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows 7
Search vendor "Microsoft" for product "Windows 7"
--
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
itanium
Safe
Microsoft
Search vendor "Microsoft"
Windows Mail
Search vendor "Microsoft" for product "Windows Mail"
*-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
x64
Safe