ISS X-Force Database: outlook-malformed-email-header-dos(16585): Microsoft Outlook Express malformed email header denial of service

Microsoft Outlook Express malformed email header denial of service

outlook-malformed-email-header-dos (16585)

Medium Risk

Description:

Microsoft Outlook Express is vulnerable to a denial of service attack. By sending an email with a malformed email header, a remote attacker could cause the recipient's email client to crash, once the victim attempts to open the malicious email.

Consequences:

Denial of Service

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References:

Microsoft Security Bulletin MS04-018: Cumulative Security Update for Outlook Express (823353).
Microsoft Security Bulletin MS05-030: Cumulative Security Update in Outlook Express (897715).
Microsoft Security Bulletin MS06-016: Cumulative Security Update for Outlook Express (911567).
Microsoft Security Bulletin MS06-076: Cumulative Security Update for Outlook Express (923694).
Microsoft Security Bulletin MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123).
Microsoft Security Bulletin MS07-056: Security Update for Outlook Express and Windows Mail (941202).
Microsoft Security Bulletin MS08-048: Security Update for Outlook Express and Windows Mail (951066).
Microsoft Security Bulletin MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542).
BID-10711: Microsoft Outlook Express Malformed Email Header Denial Of Service Vulnerability
CVE-2004-0215: Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
US-CERT VU#869640: Microsoft Outlook Express fails to properly validate malformed e-mail headers

Platforms Affected:

Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 6.0 SP1 x64
Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 SP1

Reported:

Jul 13, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page