CVE-2007-3897 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-3897?

CVE-2007-3897 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3897?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook Express, Microsoft Windows Mail.

Vulnerability Description

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Microsoft	Outlook Express	<= 6.0
Microsoft	Windows Mail	-

Related Weaknesses (CWE)

CWE-119

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607Broken Link
http://secunia.com/advisories/27112Third Party Advisory
http://securitytracker.com/id?1018785Third Party AdvisoryVDB Entry
http://securitytracker.com/id?1018786Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/481983/100/100/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/482366/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/25908Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-282A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2007/3436Permissions RequiredThird Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-05PatchVendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607Broken Link
http://secunia.com/advisories/27112Third Party Advisory
http://securitytracker.com/id?1018785Third Party AdvisoryVDB Entry
http://securitytracker.com/id?1018786Third Party AdvisoryVDB Entry

FAQ

What is CVE-2007-3897?

CVE-2007-3897 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP r...

How severe is CVE-2007-3897?

CVE-2007-3897 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3897?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook Express, Microsoft Windows Mail.