• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Outlook Vcard DoS Vulnerability

Various versions of Microsoft Outlook is subject to a denial of service due to the handling of certain vcard fields.

If certain fields in a vcard(.vcf) contain over 75 characters and a user opens the file Outlook will stop responding. Outlook will prompt a user with a warning before importing and opening the vcard(.vcf) file, however if a user saves the file to a directory and proceeds to open it through explorer no warning will be given.

Affected fields which cause CPU utilization are as follows:
name:
nickname:
fn:
title:
title;language=value=text:
tel:
tel;<label>:
tel;<label>,<label>:

The following fields will cause Outlook 2000 to terminate:
email:
bday; value=date