vendor: Outlook Express
by: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: Outlook Express
Affected Version From: Outlook Express 5.0
Affected Version To: Outlook Express 6.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:outlook_express
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Microsoft Outlook Express Denial of Service Vulnerability
A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to contain a URL pointing to a DOS device could cause Outlook Express to stop responding. Under certain circumstances this issue may cause the system to consume CPU time. When data is sent directly to a device, varying results have been reported, such as a denial of service, hardware failure, information disclosure or unauthorized device access.
Mitigation:
Users should exercise caution when opening HTML mail messages from untrusted sources.
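
A mail-gateway style check for the pattern described above, as an added example that is not part of the original advisory: it flags BGSOUND and IFRAME `src` values in an HTML mail body that name a reserved DOS device. The device list, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Reserved DOS device names (assumed list; the advisory does not enumerate them).
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}
WATCHED_TAGS = {"bgsound", "iframe"}  # the two tags named in the advisory
# Schemes of two or more characters other than file: are remote; "C:" is a drive.
REMOTE_SCHEME = re.compile(r"^(?!file:)[a-z][a-z0-9+.-]+:", re.I)


def names_dos_device(url):
    """True if a local or file: URL has a path component naming a DOS device."""
    url = unquote(url.strip())
    if REMOTE_SCHEME.match(url):
        return False
    for part in re.split(r"[\\/]+", url):
        # Device names match regardless of extension, trailing colon or space.
        base = part.split(".")[0].rstrip(": ").upper()
        if base in DOS_DEVICES:
            return True
    return False


class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag in WATCHED_TAGS:
            for name, value in attrs:
                if name == "src" and value and names_dos_device(value):
                    self.hits.append((tag, value))


def scan_html_mail(html):
    """Return (tag, src) pairs a gateway should strip or quarantine."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


if __name__ == "__main__":
    # Constructed sample bodies, not taken from any real message.
    for body in ('<bgsound src="file:///C:/aux">',
                 '<iframe src="http://example.com/news.html"></iframe>'):
        print(scan_html_mail(body) or "clean")
```

Relative references such as `aux/theme.mid` are flagged as well, which is the conservative choice for a filter that runs before the message reaches the client.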