CVE-2010-0816

Description

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka Outlook Express and Windows Mail Integer Overflow Vulnerability.

Risk Information

Base Score

8.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

35.441

Associated Vulnerability

Vulnerability	OS Platform
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Outlook Express 6.0 for Windows 2000 (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows XP (KB978542) x86 based systems	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows XP (KB978542) x86 based systems for SP3	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2003 (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows XP x64 Edition (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2003 x64 Edition (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Vista (KB978542) x86 based systems	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Vista (KB978542) x86 based systems for SP2	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2008 (KB978542) x86 based systems	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2008 (KB978542) x86 based systems for SP2	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows 7 (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Vista for x64-based Systems (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Vista for x64-based Systems (KB978542) for SP2	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2008 x64 Edition (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2008 x64 Edition (KB978542) for SP2	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows 7 for x64-based Systems (KB978542)	Windows
ms10-030: vulnerability in outlook express and windows mail could allow remote code execution for Windows Server 2008 R2 x64 Edition (KB978542)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-8497	Security Update for Windows Server 2008 (KB978542)
PATCH-8498	Security Update for Windows Server 2008 (KB978542)
PATCH-8499	Security Update for Windows 7 (KB978542)
PATCH-8502	Security Update for Windows Server 2008 x64 Edition (KB978542)
PATCH-8503	Security Update for Windows Server 2008 x64 Edition (KB978542)
PATCH-8504	Security Update for Windows 7 for x64-based Systems (KB978542)
PATCH-8505	Security Update for Windows Server 2008 R2 x64 Edition (KB978542)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234