Overview
There is a vulnerability in the way Microsoft Outlook handles malformed email messages that may allow a remote, unauthenticated attacker to cause a denial of service.
Description
Microsoft Outlook contains a vulnerability in the way that it handles certain email message headers. According to Microsoft Security Bulletin MS07-003: An attacker who successfully exploited the vulnerability could send a malformed e-mail to a user of Outlook that would cause the Outlook client to fail under certain circumstances. The Outlook client would continue to fail so long as the malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook client would again function normally. |
Impact
A remote, unauthenticated attacker may be able to cause a denial of service. |
Solution
Apply Update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
- http://support.microsoft.com/kb/925542/
- http://support.microsoft.com/kb/931270/
- http://support.microsoft.com/kb/925938
- http://secunia.com/advisories/23674/
- http://securitytracker.com/alerts/2007/Jan/1017488.html
- http://www.securityfocus.com/bid/21937
Acknowledgements
This issue is addressed in Microsoft Security Bulletin MS07-003.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-1305 |
| Severity Metric: | 4.10 |
| Date Public: | 2007-01-09 |
| Date First Published: | 2007-01-12 |
| Date Last Updated: | 2007-01-26 13:47 UTC |
| Document Revision: | 28 |