===================================================================== CERT-Renater Note d'Information No. 2005/VULN378 _____________________________________________________________________ DATE : 15/06/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Outlook Express. ====================================================================== http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx MS05-030 - Cumulative Security Update for Outlook Express (897715) - Affected Software: - Windows 2000 Service Pack 3 - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP 64-Bit Edition Service Pack 1 (Itanium) - Windows XP 64-Bit Edition Version 2003 (Itanium) - Windows Server 2003 - Windows Server 2003 for Itanium-based Systems - Impact: Remote Code Execution - Version Number: 1.0 - From the Microsoft Security Bulletin MS05-030: Vulnerability Details Outlook Express News Reading Vulnerability - CAN-2005-1213 A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================