Denial of Service in Microsoft Outlook Express

Reported July 13, 2004, by Microsoft


  • Microsoft Outlook Express

A Denial of Service (DoS) condition exists in Microsoft Outlook Express, which ships with all versions of Windows. The vulnerability results from a lack of robust validation of email headers, so malformed headers are not handled correctly. An attacker could exploit this condition by sending a specially crafted email with malformed headers, causing Outlook Express to fail. If the preview pane is enabled, the user would have to manually remove the message, then restart Outlook Express to resume functionality.

Microsoft has released bulletin MS04-018, "Cumulative Security Update for Outlook Express (823353)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin. This bulletin supersedes MS04-013.

Discovered by Microsoft.
