Title: Multiple Vendor Buffer Overflow in MIME-aware Mail and News Clients Vulnerability
Severity: MODERATE
Description:
A buffer overflow exists in a number of MIME (Multipurpose Internet Mail Extensions) aware email clients that could possibly allow a would-be attacker to execute arbitrary commands on the machine to which the mail was delivered. In some situations it was not necessary to view the malicious piece of mail.
A field in the MIME specification for mailing files contains the filename of the attached file. By carefully crafting a long filename, an attacker could overrun the end of a statically allocated buffer, and cause the remote machine to execute arbitrary commands. While a majority of the publicity surrounding this bug was directed towards the presence of this vulnerability in Netscape Navigator and Internet Explorer under Microsoft-based operating systems, similar flaws existed in a number of other products and operating systems.
Fortunately, this vulnerability was discovered and fixed before it could cause any widespread damage. Due to its widespread nature, however, it is important to ensure that all mail clients that are suspect be brought up to their latest patch levels.
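The length check whose absence the description refers to, shown as an added C example that is not taken from the advisory or from any affected product. The function names, the 64-byte buffer and the sample header are assumptions, and the parser is narrowed to a single filename= parameter.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* MIME parameter names are case-insensitive; stops at the end of s. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Copy the filename parameter of a header line into out. Returns 0 on
 * success, -1 if there is no filename parameter, -2 if the value is
 * malformed or would not fit. The unchecked pattern the advisory describes
 * is strcpy(out, value). Backslash escapes in quoted values are not decoded. */
int extract_filename(const char *header, char *out, size_t out_size)
{
    const char *p = header, *end;
    if (out_size == 0)
        return -2;
    out[0] = '\0';
    while (*p && !has_prefix_ci(p, "filename="))
        p++;
    if (*p == '\0')
        return -1;
    p += strlen("filename=");
    if (*p == '"')
        end = strchr(++p, '"');            /* quoted-string form */
    else
        end = p + strcspn(p, "; \t\r\n");  /* token form */
    if (end == NULL)
        return -2;                         /* unterminated quote */
    size_t len = (size_t)(end - p);
    if (len >= out_size)                   /* reject, never truncate or overrun */
        return -2;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample header; the 64-byte buffer size is an assumption. */
    const char *h = "Content-Disposition: attachment; filename=\"report.txt\"";
    char name[64];
    printf("%d %s\n", extract_filename(h, name, sizeof name), name);
    return 0;
}
```

An overlong value is rejected outright instead of being truncated, so the caller can refuse or quarantine the message.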
Affected Products:
- HP dtmail 1.2.0
- Microsoft Outlook 98
- Microsoft Outlook Express 4.27.3110
- Microsoft Outlook Express 4.72.2106
- Mutt Mutt 0.93.1 (i)
- Netscape Communicator 4.5.0
- Netscape Communicator 4.5.0 BETA
- Sun Solaris 2.5
- Sun Solaris 2.5.1
- Sun Solaris 2.6
- University of Washington Pine 4.0.2