Microsoft Outlook Express Malformed Email Header Denial Of Service Vulnerability

2004-07-13T00:00:00
ID SMNTC-10711
Type symantec
Reporter Symantec Security Response
Modified 2004-07-13T00:00:00

Description

Description

Microsoft Outlook Express is prone to a security vulnerability when processing emails with malformed header data. A remote attacker may potentially exploit this issue to cause a persistent denial of service in the email client. This issue is only reported to affect Outlook Express 6.0 on Windows XP platforms.

Technologies Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Outlook Express 6.0

Recommendations

Do not accept communications that originate from unknown or untrusted sources.
Users should be wary of opening email messages that arrive unexpected, have suspicious properties, or originate from an unknown or suspicious source.

Microsoft has released a security bulletin that includes fixes to address this issue. This security bulletin also provides cumulative patches for non-affected versions that contain various security enhancements. Users are advised to install the applicable cumulative patches even if they are running a version of Outlook Express that is not affected by the vulnerability. Please see the attached bulletin for further information. Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Avaya advise that customers follow the Microsoft recommendations to address this issue. Please see the referenced Avaya advisory at the following location for further details: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=197331&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()