CVE-2010-0816

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express versions 5.5 SP2, 6, and 6 SP1 Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7

Description The issue allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted POP3 or IMAP response. This can be demonstrated by a certain +OK response on TCP port 110.

Recommendations For Microsoft Outlook Express versions 5.5 SP2, 6, and 6 SP1, update to a newer version to mitigate the risk. For Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a newer version to mitigate the risk. For Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the inetcomm.dll module until a patch is available. Avoid using the vulnerable POP3 and IMAP protocols in the affected email clients until the issue is resolved.