Vulnerability Details CVE-2005-4840
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.283
EPSS Ranking 96.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html
- http://www.osvdb.org/26836
- http://www.securityfocus.com/archive/1/391803
- http://www.securityfocus.com/archive/1/470694/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34755
- http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html
- http://www.osvdb.org/26836
- http://www.securityfocus.com/archive/1/391803
- http://www.securityfocus.com/archive/1/470694/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34755
Products affected by CVE-2005-4840
-
cpe:2.3:a:microsoft:internet_explorer:6
-
cpe:2.3:a:microsoft:outlook_express_book_control:*