Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Malformed E-mail Header Vulnerability
A security vulnerability exists in Microsoft® Outlook® and Outlook Express that under certain conditions could allow a malicious user to cause code of his choice to execute on another user's computer.
Issue
A component shared by Outlook and Outlook Express, Inetcomm.dll, contains an unchecked buffer in the functionality that parses e-mail headers when downloading mail via either POP3 or IMAP4. By sending an e-mail that overruns the buffer, a malicious user could cause either of two effects to occur when the mail was downloaded from the server by an affected e-mail client:
- If the affected field were filled with random data, the e-mail could be made to crash.
- If the affected field were filled with carefully-crafted data, the e-mail client could be made to run code of the malicious user's choice.
The vulnerability affects all Outlook Express users and all Outlook users whose mail clients are configured to use either POP3 or IMAP4. Outlook users who have configured Outlook to use only MAPI services are unlikely to be affected by the vulnerability.
Affected Products
- Microsoft Outlook Express 4.x & 5.x, Outlook 98 and 2000
Download
Patch: http://www.microsoft.com/windows/ie/download/critical/patch9.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 23, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
