Microsoft Outlook Express and Windows Mail Vulnerability
A remote code execution vulnerability has been reported in the way that Outlook Express, Windows Mail, and Windows Live Mail handle specially crafted mail responses. A remote attacker may exploit this vulnerability to take complete control of the affected system.
Outlook Express and Windows Mail are email clients included with Windows ME, XP, and Vista. Also affected is Windows Live Mail, which is part of the Windows Live Essentials suite. The vulnerability occurs because a common library used by these email clients insufficiently validates network data before using that data to calculate the necessary size of a buffer. An attacker may exploit this issue via a specially crafted POP3 or IMAP response to execute arbitrary code on a vulnerable system.
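The class of flaw described above, as an added example that is not Microsoft's or Check Point's code: a server-supplied count is bounded and the size multiplication is checked before any allocation, shown beside an unchecked 32-bit form that wraps. The `+OK <count> <octets>` status line, `struct msg_entry`, `MAX_MESSAGES` and all function names are assumptions made for illustration; the page does not give the affected library's code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-message record and policy cap (assumptions, not from the page). */
struct msg_entry { uint32_t number; uint32_t octets; };
#define MAX_MESSAGES 100000u

/* Unchecked form: the 32-bit product wraps for large counts, so the
 * buffer is far smaller than the number of entries later written to it. */
uint32_t unchecked_bytes(uint32_t count) { return count * (uint32_t)sizeof(struct msg_entry); }

/* Parse the count from a constructed "+OK <count> <octets>" status line.
 * Returns 0 on success, -1 on malformed or out-of-policy input. */
int parse_count(const char *line, size_t *count)
{
    char *end;
    unsigned long long v;
    if (strncmp(line, "+OK ", 4) != 0)
        return -1;
    if (line[4] < '0' || line[4] > '9')   /* no sign, whitespace or empty field */
        return -1;
    errno = 0;
    v = strtoull(line + 4, &end, 10);
    if (errno == ERANGE || (*end != ' ' && *end != '\r' && *end != '\0'))
        return -1;
    if (v > MAX_MESSAGES)                 /* bound the value before any arithmetic */
        return -1;
    *count = (size_t)v;
    return 0;
}

/* Checked form: refuse any count whose byte size cannot fit in size_t. */
int table_bytes(size_t count, size_t *bytes)
{
    if (count > SIZE_MAX / sizeof(struct msg_entry))
        return -1;
    *bytes = count * sizeof(struct msg_entry);
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_bytes(536870913u));
    printf("checked: %d\n", parse_count("+OK 536870913 0\r\n", &n)); /* constructed line */
    return 0;
}
```

With the constructed count 536870913, the unchecked product wraps to 8 bytes, while the checked path rejects the line before any size is computed.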
Check Point provides immediate protection against this vulnerability through its integrated IPS offerings. Check Point SmartDefense and the IPS Software Blade detect and block malformed POP3 responses. For more information, see CPAI-2010-076.

