CVE-2005-4840

medium Microsoft
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Score
32.8%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P
Published: December 31, 2005 (7439 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

CWE

CWE-119

Affected Products

microsoft outlook express book control

References

🔗 browserfun.blogspot.com 🔗 www.osvdb.org 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com