
Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215

Severity rating
Moderate

Class/Type
Vulnerability

Discovered date
2004-07-13T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers.



Impact

An attacker who successfully exploited this vulnerability could cause Outlook Express to fail unexpectedly.



Technical details (analysis)

Mail servers and clients must have information that tells them how to process incoming and outgoing e-mail messages. This information is provided in header fields within the e-mail message. Examples of the type of information that is contained in e-mail header fields include the sender's e-mail address, the recipients' e-mail addresses, the time that the e-mail was sent, and the name of the mail server that received the e-mail message. The content disposition type header in the MIME protocol implementation of MS Outlook has a vulnerability that can be exploited with a crafted value for this field.



Affected software

Microsoft Outlook Express 5.5 Service Pack 2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 Service Pack 1
Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)



Non-affected software

All software not listed in the affected software list.



References




Solutions




NIS signature

Name: Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215
Release Date: 2004-07-13T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Disable the preview pane.