Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Outlook Express

DESCRIPTION
A Denial of Service (DoS) condition exists in Microsoft Outlook Express, which ships with all versions of Windows. The vulnerability results from a lack of robust verification of email headers. An attacker could exploit this condition by sending a specially crafted email with malformed headers, causing Outlook Express to fail. If the preview pane is enabled, the user would have to manually remove the message, then restart Outlook Express to resume functionality.

VENDOR RESPONSE
Microsoft has released bulletin MS04-018, "Cumulative Security Update for Outlook Express (823353)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin. This bulletin supersedes MS04-013.

CREDIT
Discovered by Microsoft.