Reported December 4, 2002, by Microsoft.
VERSIONS AFFECTED
· Microsoft Outlook 2002
DESCRIPTION
A Denial of Service (DoS) vulnerability exists in Microsoft Outlook 2002. This vulnerability stems from a fault in the way Outlook 2002 processes email header information. To crash a vulnerable client, an attacker can send a message that contains specific header information. The client will remain affected until you delete the message from the server.
VENDOR RESPONSE
Microsoft has released Security Bulletin MS02-067, "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered by Richard Lawley.