The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Windows Mail

vulnerability alert CVE-2011-2016

Windows Mail, Meeting Space: code execution via DLL Preload

Synthesis of the vulnerability

An attacker can create a malicious DLL and invite the victim to open a document in the same directory, in order to execute code.
Severity: 2/4.
Creation date: 08/11/2011.
Identifiers: 2620704, BID-50507, CERTA-2011-AVI-623, CVE-2011-2016, MS11-085, VIGILANCE-VUL-11135.

Description of the vulnerability

The Windows Mail and Windows Meeting Space programs load a DLL library when they start.

However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.

An attacker can therefore create a malicious DLL and invite the victim to open a document (.eml, .wcinv, etc.) in the same directory, in order to execute code.

cybersecurity weakness CVE-2010-0816

Outlook Express, Windows Mail: code execution

Synthesis of the vulnerability

An attacker can set up a malicious POP/IMAP server, and invite the victim to connect with Outlook Express or Windows Mail, in order to execute code on the victim's computer.
Severity: 3/4.
Creation date: 11/05/2010.
Identifiers: 978542, BID-39927, CERTA-2010-AVI-205, CVE-2010-0816, MS10-030, VIGILANCE-VUL-9635.

Description of the vulnerability

The Outlook Express or Windows Mail messaging clients can connect to servers implementing the POP or IMAP protocol.

The POP or IMAP protocol can be used to learn the number of messages stored on the server, via the STAT command for example. However, when the Outlook Express or Windows Mail client receives this number, it does not check it before allocating a memory area. A POP/IMAP server can therefore return a high message count, in order to corrupt the memory of the Windows client.

An attacker can therefore set up a malicious POP/IMAP server, and invite the victim to connect with Outlook Express or Windows Mail, in order to execute code on the victim's computer.

security weakness CVE-2008-5424 CVE-2008-5425 CVE-2008-5426

MIME: denial of service by encapsulation

Synthesis of the vulnerability

An attacker can create an email containing deep MIME encapsulations in order to create a denial of service in several applications.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/12/2008.
Identifiers: BID-32702, CVE-2008-5424, CVE-2008-5425, CVE-2008-5426, CVE-2008-5427, CVE-2008-5428, VIGILANCE-VUL-8296.

Description of the vulnerability

An email can contain several parts separated by MIME headers. Each part can also contain data encapsulated with MIME headers.

Some software does not limit the number of encapsulation levels. An attacker can therefore send an email containing several thousand parts in order to create a denial of service.

Here is a list of impacted software:
  Microsoft Outlook Express 6
  Opera Version: 9.51
  Norton Internet Security Version 15
  Kaspersky Internet Security 2009

This vulnerability type is old, and has for example impacted Sendmail (VIGILANCE-VUL-5924) and ClamAV (VIGILANCE-VUL-6398).
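
A receiving-side check for the encapsulation problem described above, as an added example (not code from the bulletin or from any listed vendor): it walks the parsed message with an explicit stack and rejects mail that exceeds a depth or part-count limit. The names `check_mime_limits` and `build_nested` and the limit values are illustrative assumptions; the sample message is constructed.

```python
import email


MAX_DEPTH = 20     # assumed policy limit, not a value from the bulletin
MAX_PARTS = 500    # assumed policy limit on the total number of MIME parts


class MimeLimitExceeded(Exception):
    """Raised when a message nests or fans out beyond the configured policy."""


def check_mime_limits(raw: bytes, max_depth: int = MAX_DEPTH,
                      max_parts: int = MAX_PARTS) -> tuple[int, int]:
    """Return (deepest_level, part_count) or raise MimeLimitExceeded."""
    try:
        root = email.message_from_bytes(raw)
    except RecursionError as exc:
        # Very deep input can exhaust the parser's own recursion: reject it.
        raise MimeLimitExceeded("nesting exhausted the parser") from exc

    deepest, parts = 0, 0
    stack = [(root, 1)]    # explicit stack, so this walk never recurses
    while stack:
        part, depth = stack.pop()
        parts += 1
        deepest = max(deepest, depth)
        if depth > max_depth:
            raise MimeLimitExceeded(f"depth {depth} exceeds {max_depth}")
        if parts > max_parts:
            raise MimeLimitExceeded(f"more than {max_parts} parts")
        # is_multipart() is true for multipart/* and for message/rfc822 wrappers
        if part.is_multipart():
            stack.extend((child, depth + 1) for child in part.get_payload())
    return deepest, parts


def build_nested(levels: int) -> bytes:
    """Constructed sample: one text part wrapped in `levels` multipart layers."""
    body = "Content-Type: text/plain\r\n\r\nhello\r\n"
    for i in range(levels):
        b = f"b{i:03d}"
        body = (f'Content-Type: multipart/mixed; boundary="{b}"\r\n\r\n'
                f"--{b}\r\n{body}\r\n--{b}--\r\n")
    return body.encode("ascii")
```

Running the check before any component that processes parts recursively (content scanner, renderer, indexer) keeps the limit in one place.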

vulnerability 7726

Outlook, Windows Mail, Office: HTTP connection via X.509

Synthesis of the vulnerability

An attacker can use a malicious X.509 certificate in order to force a program to send an HTTP query.
Severity: 1/4.
Creation date: 02/04/2008.
Identifiers: AKLINK-SA-2008-002, AKLINK-SA-2008-003, AKLINK-SA-2008-004, BID-28548, VIGILANCE-VUL-7726.

Description of the vulnerability

An X.509 certificate can contain a URL pointing to the intermediate Certification Authority certificate. This feature is available in software implementing the "caIssuers" extension (Outlook 2007, Windows Mail 2008, Office 2007).

An attacker can send a certificate containing a URL pointing to the http://site/ website. When the software tries to check the certificate, it thus sends an HTTP query to the indicated website.

This vulnerability can for example be used to trace a user by detecting connections to http://site/.

security vulnerability CVE-2007-3897

Outlook Express, Windows Mail: buffer overflow via NNTP

Synthesis of the vulnerability

An attacker can set up a malicious NNTP server in order to execute code on the computers of victims who connect to this server.
Severity: 4/4.
Creation date: 10/10/2007.
Revision date: 16/10/2007.
Identifiers: 941202, BID-25908, CERTA-2007-AVI-431, CVE-2007-3897, MS07-056, VIGILANCE-VUL-7218.

Description of the vulnerability

The Outlook Express and Windows Mail messaging clients implement NNTP (Network News Transfer Protocol). When the user clicks on an "nntp:", "news:" or "snews:" URI, the messaging client is launched. The client can also be invoked when an HTML page containing an image with such a URI is displayed.

The NNTP protocol uses an exchange of queries and responses. For example:
  response : 200 serveur
  query : GROUP g.g.g
  response : 211 1 1003 1265 g.g.g
  query : XHDR subject 1003-1265
  response: subject of requested range
  etc.
This exchange occurs as soon as the client connects to the server, without waiting for the user to enter a login for example.

However, when the XHDR response is too long, a buffer overflow occurs in Outlook Express or Windows Mail. This overflow leads to code execution.

An attacker can therefore invite the victim to connect to an NNTP server or to display a malicious HTML page in order to execute code on the victim's computer.

cybersecurity weakness CVE-2006-2111 CVE-2007-1658 CVE-2007-2225

OE, Windows Mail: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Outlook Express or Windows Mail lead to information disclosure or to code execution.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/06/2007.
Revision date: 22/06/2007.
Identifiers: 929123, BID-17717, BID-23103, BID-24392, BID-24410, CERTA-2007-AVI-259, CVE-2006-2111, CVE-2007-1658, CVE-2007-2225, CVE-2007-2227, MS07-034, VIGILANCE-VUL-6907, VU#682825, VU#783761.

Description of the vulnerability

Several vulnerabilities were announced in Outlook Express or Windows Mail.

An attacker can create a website using a redirection and a mhtml: URI in order to access data of another website (VIGILANCE-VUL-6253). [severity:3/4; BID-17717, BID-24392, CERTA-2007-AVI-259, CVE-2006-2111, VU#783761]

When the user clicks on a command which has the same name as a directory, it is executed without warning (VIGILANCE-VUL-6679). [severity:3/4; BID-23103, CVE-2007-1658]

When the victim clicks on a MHTML link, zone restrictions can be bypassed. [severity:3/4; CVE-2007-2225, VU#682825]

When the victim clicks on a MHTML link, the download dialog box can be bypassed, by using a special Content-Disposition header. [severity:3/4; BID-24410, CVE-2007-2227]

computer threat CVE-2007-1658

Windows Mail: command execution

Synthesis of the vulnerability

When the user clicks on a command which has the same name as a directory, it is executed without warning.
Severity: 1/4.
Creation date: 23/03/2007.
Identifiers: 929123, BID-23103, CVE-2007-1658, MS07-034, VIGILANCE-VUL-6679.

Description of the vulnerability

When the user receives an email containing a link to a local program and clicks on this link, a warning dialog is displayed in the Windows Mail client.

However, when a directory with the same name exists, there is no warning dialog.

For example, Windows Vista creates the following commands and directories:
 - Windows Remote Management :
    c:/windows/system32/winrm/
    c:/windows/system32/winrm.cmd
 - Migration Wizard :
    c:/windows/system32/migwiz/
    c:/windows/system32/migwiz.cmd

An attacker can therefore invite the user to click on a link to automatically start these programs. Currently, no way to pass parameters to the program has been found.

computer weakness bulletin CVE-2006-2111

Outlook Express, Internet Explorer: access to data of another site via mhtml

Synthesis of the vulnerability

An attacker can create a website using a redirection and a mhtml: URI in order to access data of another website.
Severity: 2/4.
Creation date: 26/10/2006.
Revision date: 27/10/2006.
Identifiers: 929123, BID-17717, CVE-2006-2111, MS07-034, VIGILANCE-VUL-6253.

Description of the vulnerability

The MHTML (MIME HTML) extensions are installed with Outlook Express, and then become available to other software such as Internet Explorer. So, when an HTML document contains a "mhtml:" URI, Internet Explorer calls Outlook Express.

Outlook Express does not correctly check the source of the document. When an HTTP redirection is used, the document is opened in the context of the new website.

This vulnerability therefore allows an attacker to access information from the site, as seen by the user.