Skip navigation
Menu
Collaboration>Email and Calendaring

Unchecked Buffer in Microsoft Outlook Express's S/MIME Parser

Reported October 10, 2002, by Microsoft.

 

 

VERSION AFFECTED

 

·         Microsoft Outlook Express 6.0

·         Microsoft Outlook Express 5.5

 

 

DESCRIPTION

 

A buffer overrun vulnerability exists in Outlook Express’s S/MIME parser that can lead to the execution of arbitrary code on the vulnerable system. This vulnerability stems from a vulnerability in the code that generates a warning message when a particular error condition associated with digital signatures occurs. By creating a digitally signed email and editing it to introduce specific data and sending it to another user, an attacker can cause the vulnerable mail client to fail or execute arbitrary code.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-058 (Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise) to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT

Discovered by Noam Rathaus of Beyond Security Ltd

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
person working from home using smart phone and notebook computer
Monitoring Employee Productivity, Balance Surveillance with Transparency
Jan 03, 2024
zoom logo on screens of laptop and smartphone device.jpg
At Zoomtopia, Small Businesses Share Transformation Stories
Oct 12, 2023
zoom logo
Zoom Unveils Docs, Upgrades Contact Center Offerings
Oct 03, 2023