Title: Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
Severity: MODERATE
Description:
When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious email message to run arbitrary computer code contained in the long string.
This issue can cause one of the following to occur when attempting to download, open or view an mail or news message in Microsoft Outlook 98 or Microsoft Outlook Express 4.x that has an attachment with a very long filename.
An error message similar to the following may be displayed: This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor.
Outlook Express 4.01 for Microsoft Windows 3.1 and Windows NT 3.51 are not affected by this issue.
Affected Products:
- Microsoft Outlook 98
- Microsoft Outlook Express 4.27.3110
- Microsoft Outlook Express 4.72.2106
- Microsoft Outlook Express 4.72.3120
- Microsoft Outlook Express 4.72.3612
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
