Outlook Express - Windows Mail - Windows Live Mail - critical vulnerability

Discussion in 'Computer Security' started by MEB, May 17, 2010.

  1. MEB

    MEB Guest

    The exploit vector apparently uses inetcomm.dll vulnerabilities. Other
    vulnerabilities [per previous/other] include various other base files.

    Examples of how this vulnerability might work or could affect your
    usage would include entering/accessing a site which opens the affected
    applications via server code or page inclusion, connecting to a forum or
    news server via email or NNTP, and similar situations wherein OE, WM,
    WLM, might be used or called.

    Present:

    Microsoft Security Bulletin MS10-030 - Critical
    Vulnerability in Outlook Express and Windows Mail Could Allow Remote
    Code Execution (978542)
    http://www.microsoft.com/technet/security/Bulletin/MS10-030.mspx

    MS10-030: Vulnerability in Outlook Express and Windows Mail could allow
    remote code execution
    http://support.microsoft.com/?kbid=978542


    Win9X:

    This issue comes to Win9X for a very simple reason: the base OE [and
    IE] files left/used may contain a [actually several] severe
    vulnerability{ies} which could allow the system to be taken over or
    otherwise hacked. Of course the updates offered are not compiled for use
    within Win9X since it is EOL/EOS.

    Any Win9X users that still use OE should review the prior issues and
    this present vulnerability, particularly as there is no necessity for
    elevation of privileges, or creation of new accounts. Any offered "proof
    of concept" exploits would/are designed for usage in systems which would
    require that activity [NTs] hence would likely fail in Win9X. That does
    not mean this might not still be accomplished without using the extra
    necessities for the NT based systems.

    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Info, Diagnostics, Security, Networking
    http://peoplescounsel.org
    The "real world" of Law, Justice, and Government
    ___---
     
    MEB, May 17, 2010
    #1

  2. If you access your account's POP3 and SMTP servers via SSL in OE (or OL),
    your computer is not subject to this vulnerability.
     
    PA Bear [MS MVP], May 17, 2010
    #2

  3. MEB

    Dan Guest

    Thanks for the posting, MEB, and thanks especially to Robear for the solution.
     
    Dan, May 18, 2010
    #3
  4. MEB

    mactilden

    In all these there are several things that can be possible. That does
    not mean this might not still be accomplished without using the extra
    necessities for the NT based systems.
     
    mactilden, Dec 22, 2010
    #4