Follow:

Policy:Win/POP3.Outlook.RCE!CAN-2002-1255

Severity rating
Moderate

Class/Type
Policy

Discovered date
2002-12-04T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. Outlook e-mail handling includes receiving, displaying, creating, editing, sending, and organizing e-mail messages. When working with received e-mail messages, Outlook processes information contained in the header of the e-mail which carries information about where the e-mail came from, its destination, and attributes of the message. A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook 2002 client would again function normally.



Impact

An attacker could attempt to exploit this vulnerability by sending a specially malformed e-mail message to a user who uses Outlook 2002 to access an e-mail server via the POP3, IMAP, or WebDAV protocol. Upon connecting to the server and processing the email, the Outlook client would fail. The user would be unable to access e-mail on the e-mail server until the specially malformed e-mail message is removed.



Technical details (analysis)

Microsoft Outlook, which ships as part of Microsoft Office, provides users with the ability to work with e-mail, contacts, tasks, and appointments. Using Outlook for handling e-mail includes the ability to receive, display, create, edit, send, and organize e-mail messages.



Affected software

Microsoft Outlook 2002



Non-affected software

All the applications which are not in the affected applications.



References




Solutions




NIS signature

Name: Policy:Win/POP3.Outlook.RCE!CAN-2002-1255
Release Date: 2002-12-04T00:00:00



Known false positives

This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch .



Work-arounds

Outlook 2002 clients connecting to e-mail servers using the MAPI protocol are not affected.
The vulnerability does not affect Outlook 2000 or Outlook Express.
The vulnerability is a denial of service vulnerability only. The attacker would not be able to access the user's e-mail or system in any way. The vulnerability could not be used to read, delete, create, or alter the user's e-mail.
If an attacker was able to send a specially malformed e-mail that successfully exploited this vulnerability, the specially malformed e-mail could be deleted either by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express. Once the specially malformed e-mail has been removed, normal operation would resume.