Running Arbitrary Code on Email Clients

Long File Names Allow Arbitrary Code to Run
Reported August 11, 1998 by Microsoft and NTBugTraq


  • Outlook 98 on Windows® 95, Windows 98 and Microsoft Windows NT® 4.0
  • Outlook Express 4.0, 4.01 (including 4.01 with Service Pack 1) on Windows 95, Windows 98 and Windows NT 4.0
  • Outlook Express 4.01 on Solaris
  • Outlook Express 4.01 on the Macintosh
  • Netscape Mail Clients


When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly, or allow arbitrary code to execute on the client workstation. 
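A gateway-side check for the condition described above, added here as an example and not part of the original advisory or any vendor patch: it parses a message and reports attachment file names longer than a threshold. The 255-character limit, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

MAX_NAME_LEN = 255  # assumed limit; the advisory does not state a length

# Either of these header parameters can carry an attachment's file name.
NAME_PARAMS = (("content-disposition", "filename"), ("content-type", "name"))


def long_attachment_names(raw: bytes, limit: int = MAX_NAME_LEN):
    """Return (header, length) for each declared file name longer than limit."""
    findings = []
    for part in message_from_bytes(raw).walk():
        for header, param in NAME_PARAMS:
            # get_param() joins RFC 2231 continuations (filename*0, filename*1)
            # so a name split across parameters is measured as a whole.
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # Charset-tagged values come back as a tuple; collapse to a string.
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                findings.append((header, len(name)))
    return findings


def sample_message(disposition_params: str) -> bytes:
    """Build a constructed two-part message with a single attachment."""
    return (
        "From: sender@example.com\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        "Content-Type: application/octet-stream\r\n"
        f"Content-Disposition: attachment; {disposition_params}\r\n"
        "\r\ndata\r\n"
        "--b1--\r\n"
    ).encode("ascii")


BENIGN = sample_message('filename="report.txt"')
LONG = sample_message('filename="' + "A" * 300 + '.txt"')
SPLIT = sample_message('filename*0="' + "A" * 200 + '"; filename*1="' + "B" * 200 + '"')
```

Measuring the parsed parameter rather than the raw header line is what lets the check see the name in `SPLIT`, where no single parameter exceeds the limit.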


Microsoft Outlook 98
Customers using Microsoft Outlook 98 for Windows 95, Windows 98 or Windows NT 4.0 should download the updated Outlook 98 patch from Office Update at

Localized versions of the Outlook 98 patch will be released shortly.

Microsoft Outlook Express 4.x
If you are using Outlook Express 4.0 that comes with Internet Explorer 4.0 on Windows 95, Windows 98 or Windows NT 4.0, you must first upgrade to Internet Explorer 4.01 SP1, then install the Outlook Express updated patch listed below.

Customers using Microsoft Outlook Express 4.01 or 4.01 SP1 for Windows 95, Windows 98, Windows NT 4.0 or the Macintosh should download the available updated patch from the Internet Explorer security Web site, (

Windows 98 customers can also get the updated Outlook Express patch using the Windows Update feature of Windows 98. For more information, please visit the Windows Update site,

To learn more about NT Security concerns, subscribe to NTSD

- Originally reported by Microsoft
- Posted on The NT Shop on August 19, 1998

Copyright (C) 1998 - M.E. -- ALL RIGHTS RESERVED
Unauthorized duplication expressly prohibited
