Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability

Bugtraq ID:	25908
Class:	Boundary Condition Error
CVE:	CVE-2007-3897
Remote:	Yes
Local:	No
Published:	Oct 09 2007 12:00AM
Updated:	Oct 17 2007 01:27AM
Credit:	Greg MacManus of VeriSign iDefense Labs is credited with the discovery of this vulnerability.
Vulnerable:	Nortel Networks Universal Access - IP 0 Nortel Networks Packet Transit - IP 0 Nortel Networks Integrated Access - Cable 0 Nortel Networks Circuit Switching 0 Nortel Networks Centrex IP Element Manager 0 Nortel Networks Centrex IP Client Manager Microsoft Windows Mail 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista x64 Edition 0 Microsoft Outlook Express 6.0 SP1 + Microsoft Windows XP 64-bit Edition SP1 + Microsoft Windows XP 64-bit Edition SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home SP1 + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional SP1 Microsoft Outlook Express 6.0 + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Itanium SP2 + Microsoft Windows Server 2003 Itanium SP2 + Microsoft Windows Server 2003 Itanium SP1 + Microsoft Windows Server 2003 Itanium SP1 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard x64 Edition + Microsoft Windows Server 2003 Standard x64 Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 x64 SP2 + Microsoft Windows Server 2003 x64 SP2 + Microsoft Windows XP 64-bit Edition + Microsoft Windows XP 64-bit Edition + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Media Center Edition SP2 + Microsoft Windows XP Media Center Edition SP2 + Microsoft Windows XP Media Center Edition + Microsoft Windows XP Media Center Edition + Microsoft Windows XP Media Center Edition + Microsoft Windows XP Professional + Microsoft Windows XP Professional + Microsoft Windows XP Professional + Microsoft Windows XP Professional x64 Edition SP2 + Microsoft Windows XP Professional x64 Edition SP2 + Microsoft Windows XP Tablet PC Edition SP2 + Microsoft Windows XP Tablet PC Edition SP2 + Microsoft Windows XP Tablet PC Edition + Microsoft Windows XP Tablet PC Edition Microsoft Outlook Express 5.5 SP2 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP4 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP4 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP4 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP4 + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP3 + Microsoft Windows ME + Microsoft Windows ME HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I HP Storage Management Appliance 2.1 + HP Storage Management Appliance III + HP Storage Management Appliance II + HP Storage Management Appliance I

Not Vulnerable: