Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability

When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious email message to run arbitrary computer code contained in the long string.

This issue can cause one of the following to occur when attempting to download, open or view an mail or news message in Microsoft Outlook 98 or Microsoft Outlook Express 4.x that has an attachment with a very long filename.

An error message similar to the following may be displayed: This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor.

Outlook Express 4.01 for Microsoft Windows 3.1 and Windows NT 3.51 are not affected by this issue.


Privacy Statement
Copyright 2010, SecurityFocus