Reported February 22, 2001, by Microsoft.

VERSIONS AFFECTED
  • Microsoft Outlook¬†
  • Microsoft Outlook Express

DESCRIPTION

A buffer overflow has been discovered in the vCard handler of Microsoft Outlook and Outlook Express. By sending a specially crafted vCard, a malicious user can cause the mail client to fail and possibly launch arbitrary code.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS01-012, and a patch to address the issue.

CREDIT
Discovered by @Stake.