Public exploits available
Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. Outlook e-mail handling includes receiving, displaying, creating, editing, sending, and organizing e-mail messages. When working with received e-mail messages, Outlook processes information contained in the header of the e-mail which carries information about where the e-mail came from, its destination, and attributes of the message.
A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook 2002 client would again function normally.
An attacker could attempt to exploit this vulnerability by sending a specially malformed e-mail message to a user who uses Outlook 2002 to access an e-mail server via the POP3, IMAP, or WebDAV protocol. Upon connecting to the server and processing the e-mail, the Outlook client would fail. The user would be unable to access e-mail on the e-mail server until the specially malformed e-mail message is removed.
Technical details (analysis)
Microsoft Outlook, which ships as part of Microsoft Office, provides users with the ability to work with e-mail, contacts, tasks, and appointments. Using Outlook for handling e-mail includes the ability to receive, display, create, edit, send, and organize e-mail messages.
Microsoft Outlook 2002
All applications not listed as affected.
Release Date: 2002-12-04T00:00:00
Known false positives
This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch.
Outlook 2002 clients connecting to e-mail servers using the MAPI protocol are not affected.
The vulnerability does not affect Outlook 2000 or Outlook Express.
The vulnerability is a denial of service vulnerability only. The attacker would not be able to access the user's e-mail or system in any way. The vulnerability could not be used to read, delete, create, or alter the user's e-mail.
If an attacker were able to send a specially malformed e-mail that successfully exploited this vulnerability, the specially malformed e-mail could be deleted either by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express. Once the specially malformed e-mail has been removed, normal operation would resume.