Title: Microsoft Outlook Vcard DoS Vulnerability
Severity: MODERATE
Description:
Various versions of Microsoft Outlook is subject to a denial of service due to the handling of certain vcard fields.
If certain fields in a vcard(.vcf) contain over 75 characters and a user opens the file Outlook will stop responding. Outlook will prompt a user with a warning before importing and opening the vcard(.vcf) file, however if a user saves the file to a directory and proceeds to open it through explorer no warning will be given.
Affected fields which cause CPU utilization are as follows:
name:
nickname:
fn:
title:
title;language=value=text:
tel:
tel;<label>:
tel;<label>,<label>:
The following fields will cause Outlook 2000 to terminate:
email:
bday; value=date
Affected Products:
- Microsoft Office 2000
- Microsoft Outlook 2000
- Microsoft Outlook 98
References:
- Microsoft: Microsoft Outlook 2000 Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
