Title: Microsoft Outlook Express for Macintosh Buffer Overflow Vulnerability
Severity: HIGH
Description:
Versions of Microsoft Outlook Express for Macintosh is vulnerable to a buffer overflow condition.
If a malicious user sends a specially crafted email containing an unusually long line in the message body, a stack overflow will reportedly occur making arbitrary code execution possible. Sending random data could cause the application to crash.
An attacker may be able to replace a return address on the stack and force the execution of malicious instructions placed in memory. This may result in the attacker gaining access to the victim's host.
A user may only have to download an offending email in order to become susceptible to an attack.
The attacker may cause a prolonged denial of service because the client will crash before being able to delete the malicious message on the mail server. The message will continue causing the client to crash each time mail is retrieved until either the administrator or another non-vulnerable client deletes it.
Affected Products:
- Microsoft Outlook Express for MacOS 5.0.0
- Microsoft Outlook Express for MacOS 5.0.1
- Microsoft Outlook Express for MacOS 5.0.2
References:
- Microsoft: Outlook Express for Macintosh Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
