Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4840


Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4840
Last Modified 29 Oct 2010 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

Vulnerable Systems


  • Microsoft Outlook Express Book Control


XF - outlook-addressbook-activex-dos(34755)

BUGTRAQ - 20070606 IE 6 / MS Office Outlook Express Address Book Activex DoS

BUGTRAQ - 20050301 IObjectSafety and Internet Explorer

OSVDB - 26836


Last Updated: 27 May 2016 10:41:28