Vulnerability Details : CVE-2007-3897
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
Vulnerability category: OverflowMemory CorruptionExecute code
Products affected by CVE-2007-3897
- cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3897
95.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3897
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-3897
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3897
-
http://www.securityfocus.com/bid/25908
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/482366/100/0/threaded
Third Party Advisory;VDB Entry
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607
Broken Link
-
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/archive/1/481983/100/100/threaded
Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706
Third Party Advisory
-
http://securitytracker.com/id?1018785
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/3436
Permissions Required;Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056
Patch;Vendor Advisory
-
http://securitytracker.com/id?1018786
Third Party Advisory;VDB Entry
Jump to