E-mail Header Processing Flaw in Outlook 2002 New

A security vulnerability exists in Microsoft Outlook 2002 which could allow an attacker to send a specially malformed e-mail header which would cause the client to fail.

Issue

Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. Outlook e-mail handling includes receiving, displaying, creating, editing, sending, and organizing e-mail messages. When working with received e-mail messages, Outlook processes information contained in the header of the e-mail which carries information about where the e-mail came from, its destination, and attributes of the message.

A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook 2002 client would again function normally.

Affected Products

• Microsoft Outlook 2002

Download

Patch: http://office.microsoft.com/downloads/2002/olk1005.aspx

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: December 4, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<