Buffer Overflow in Microsoft Outlook Express S/MIME Parsing
CVE-2002-1179

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 28 October 2002

Summary

A buffer overflow vulnerability exists in the S/MIME parsing functionality of Microsoft Outlook Express 5.5 and 6.0. This flaw allows remote attackers to execute arbitrary code on a victim’s system by sending a specially crafted digital email. Specifically, a long 'From' address in the email can trigger the overflow when the user views or previews the message, potentially compromising the user's machine and data.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/5944

vdb-entryx_refsource_BID

http://marc.info/?l=ntbugtraq&m=103429681123297&w=2

mailing-listx_refsource_NTBUGTRAQ

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 28, 2002
Vulnerability Reserved
Oct 4, 2002