MS04-018: Cumulative Security Update for Outlook Express (823353)

Medium Nessus Plugin ID 13643


It is possible to crash the remote email client.


The remote host is missing a cumulative security update for Outlook Express that fixes a denial of service vulnerability in the Outlook Express mail client.

To exploit this vulnerability, an attacker would need to send a malformed message to a victim on the remote host. The message will crash the version of Outlook, thus preventing the user from reading email.


Microsoft has released a set of patches for Outlook Express.

See Also

Plugin Details

Severity: Medium

ID: 13643

File Name: smb_nt_ms04-018.nasl

Version: $Revision: 1.36 $

Type: local

Agent: windows

Published: 2004/07/13

Modified: 2017/07/14

Dependencies: 18489, 57033

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/07/13

Vulnerability Publication Date: 2004/07/13

Reference Information

CVE: CVE-2004-0215

BID: 10711

OSVDB: 7793

CERT: 869640

MSFT: MS04-018

MSKB: 823353