Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability

Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability

Solution:
Filters have been made for Sendmail and Postfix to deal with this issue. See the Bugtraq posts in the Credit section for more information.

This vulnerability may be resolved through installing Internet Explorer 5.01 SP1 or Internet Explorer 5.5 on systems other than Microsoft Windows 2000.

Vulnerable users of Windows 2000 may resolve this issue by installing Windows 2000 Service Pack 1.

It has been reported that customers installing the patches on versions of Internet Explorer other than 4.01 SP2 or 5.01 may receive the message 'This update does not need to be installed on this system' when the patch is in fact required. Users are advised to install the patch regardless.

Patches are available for some systems:

Microsoft Outlook Express 4.0.1 SP2

Microsoft q261255.exe
http://download.microsoft.com/download/ie4095/secpach9/4.01_SP2/W9XNT4 /EN-US/q261255.exe

Microsoft Outlook Express 5.0.1

Microsoft q261255.exe
http://download.microsoft.com/download/ie501/secpach9/5.01/WIN98/EN-US /q261255.exe