Microsoft Outlook Vcard DoS Vulnerability

Various versions of Microsoft Outlook is subject to a denial of service due to the handling of certain vcard fields.

If certain fields in a vcard(.vcf) contain over 75 characters and a user opens the file Outlook will stop responding. Outlook will prompt a user with a warning before importing and opening the vcard(.vcf) file, however if a user saves the file to a directory and proceeds to open it through explorer no warning will be given.

Affected fields which cause CPU utilization are as follows:
name:
nickname:
fn:
title:
title;language=value=text:
tel:
tel;<label>:
tel;<label>,<label>:

The following fields will cause Outlook 2000 to terminate:
email:
bday; value=date


 

Privacy Statement
Copyright 2010, SecurityFocus