Alert: Microsoft Security Bulletin - MS02-067

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 12/04/02

    Date:         Wed, 4 Dec 2002 16:40:31 -0500
    From: Russ <Russ.Cooper@RC.ON.CA>

    E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866)

    Originally posted: December 04, 2002


    Who should read this bulletin: Customers using Microsoft® Outlook 2002.

    Impact of vulnerability: Denial of Service

    Maximum Severity Rating: Moderate

    Recommendation: Customers should consider applying the patch.

    Affected Software:
    - Microsoft Outlook 2002

    End User Bulletin: An end user version of this bulletin is available at:

    Technical description:

    Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. Outlook e-mail handling includes receiving, displaying, creating, editing, sending, and organizing e-mail messages. When working with received e-mail messages, Outlook processes information contained in the header of the e-mail which carries information about where the e-mail came from, its destination, and attributes of the message.

    A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook 2002 client would again function normally.

    Mitigating factors:
    - Outlook 2002 clients connecting to e-mail servers using the MAPI protocol are not affected. Only Outlook 2002 clients using POP3, IMAP, or WebDAV protocols are vulnerable.
    - The vulnerability does not affect Outlook 2000 or Outlook Express.
    - The vulnerability is a denial of service vulnerability only. The attacker would not be able to access the user's e-mail or system in any way. The vulnerability could not be used to read, delete, create, or alter the user's e-mail.
    - If an attacker was able to send a specially malformed e-mail that successfully exploited this vulnerability, the specially malformed e-mail could be deleted either by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express. Once the specially malformed e-mail has been removed, normal operation would resume.

    Vulnerability identifier: CAN-2002-1255

    This email is sent to NTBugtraq automatically as a service to my subscribers. Since it's programmatically created, and since it's been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]

    I can only hope that the information it does contain can be read well enough to serve its purpose.

    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    Delivery co-sponsored by TruSecure Corporation
    Demonstrate your knowledge and understanding of core IT Security, become
    TICSA certified.

    Are you responsible for IT security in job function, but not necessarily
    in title? Do you want to prove your IT security knowledge and increase
    opportunities? Interested? Visit;

    for more information.
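The bulletin above says only that a "specially malformed" header makes Outlook 2002 fail when mail is fetched over POP3, IMAP or WebDAV, and that the cure is to remove the offending message with another client before the vulnerable one sees it. The following is an added example, not code from the bulletin, from Microsoft or from NTBugtraq: it shows a generic header-structure gate that a fetch script or mail gateway could run on each raw message before handing it to a fragile client. It does not know what the actual malformation was (the bulletin never says), so it cannot claim to catch that specific case; it demonstrates the general pattern of parsing with a strict parser and holding back anything that did not parse cleanly. The sample messages are constructed, and the function names are this example's own.

```python
"""Header-structure gate for mail fetched over POP3/IMAP (added example).

Parse each raw message with Python's standard-library ``email`` package and
collect every parsing defect it records.  A gateway or fetch script can then
quarantine structurally broken messages instead of delivering them to a
client that is known to fail on malformed headers.
"""
import email
from email import policy


def header_defects(raw: bytes) -> list[str]:
    """Return the names of all defects the parser recorded for ``raw``.

    Top-level defects (for example a header line with no colon) land in
    ``msg.defects``; defects inside structured headers such as From/To/Date
    are attached to the parsed header object, so both places are checked.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = [type(d).__name__ for d in msg.defects]
    for name, value in msg.items():
        # Under policy.default each value is a header object with .defects
        for d in getattr(value, "defects", ()):
            found.append(f"{name}: {type(d).__name__}")
    return found


def should_quarantine(raw: bytes) -> bool:
    """Policy decision (this example's own): hold back anything that did not parse cleanly."""
    return bool(header_defects(raw))


# Constructed sample messages, not real mail.
CLEAN_MESSAGE = (
    b"From: alice@example.test\r\n"
    b"To: bob@example.test\r\n"
    b"Subject: weekly report\r\n"
    b"\r\n"
    b"All fine here.\r\n"
)

# A header block where one line is neither "Name: value" nor a folded
# continuation line.  The parser records MissingHeaderBodySeparatorDefect
# and treats everything from that line onward as body text.
BROKEN_HEADER_MESSAGE = (
    b"From: alice@example.test\r\n"
    b"this line is not a header and has no colon\r\n"
    b"Subject: weekly report\r\n"
    b"\r\n"
    b"All fine here.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN_MESSAGE), ("broken", BROKEN_HEADER_MESSAGE)):
        verdict = "quarantine" if should_quarantine(raw) else "deliver"
        print(f"{label}: {verdict} {header_defects(raw)}")
```

In a real deployment the same check would sit in whatever fetches mail on the user's behalf (a procmail-style filter or an IMAP proxy) so that the message never reaches the vulnerable client, which is exactly the state the bulletin's own remediation aims for by having an administrator or another client delete it.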