Reported July 13, 2004, by Microsoft
VERSIONS AFFECTED
- Microsoft Outlook Express
DESCRIPTION
A Denial of Service (DoS) condition exists in Microsoft Outlook Express, which ships
with all versions of Windows. The vulnerability results from insufficiently
robust validation of email headers. An attacker could exploit this condition
by sending a specially crafted email with malformed headers, causing Outlook
Express to fail. If the preview pane is enabled, the user would have to
manually remove the message, then restart Outlook Express to resume
functionality.
VENDOR RESPONSE
Microsoft has released bulletin MS04-018, "Cumulative Security Update for
Outlook Express (823353)," to address this vulnerability and recommends that
affected users apply the appropriate patch listed in the bulletin. This
bulletin supersedes MS04-013.
CREDIT
Discovered by Microsoft.