Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

IPS-1 Protection for Outlook NNTP Vulnerability (CVE-2007-3897/MS07-056)

Subscribe

Check Point Reference: CPAI-2007-204
Date Published:
Severity:
Source: iDefense Advisory
Industry Reference(s): CVE-2007-3897
Protection Provided by: IPS-1
  • IPS-1
Who is Vulnerable?
  • Outlook Express 5.5 SP2/Outlook Express 6 SP1 under Windows 2000 SP4
  • Outlook Express 6 under Windows XP, Windows XP Pro, Windows 2003 SP1-SP2
  • Windows Mail under Vista and Vista x64 Edition
Vulnerability Description

Several versions of Microsoft Outlook have vulnerabilities in their handling of NNTP headers that could result in arbitrary code execution.
Update/Patch Available
A patch is available through Microsoft.  See MS07-056 for more information.
Vulnerability Details

The Microsoft Outlook NNTP reader has a vulnerability in the handling of the response data to the "XHDR" command.  If a malicious server sends more items than were requested, this can trigger a heap overflow resulting in remote code execution.

Protection Overview

The NNTP2 protection group has been modified to provide detection/prevention for this attack.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
N/A

IPS-1

How Can I Protect My Network?
By updating the IPS-1 sensors on your network with the NNTP2 Protection Group, attempts to exploit this vulnerability will be detected/prevented.

How Do I Know if My Network is Under Attack?
An alert, the nntp2_outlook:outlook_cve_2007_3897_alert, is generated from the NNTP2 protection group when an attack is detected.