Microsoft Outlook Express POP Denial of Service Vulnerability

Medium Nessus Network Monitor Plugin ID 1292

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running a version of Outlook Express that is vulnerable to a DoS attack in which a malicious message sent to the user's mailbox halts POP mail download. The vulnerability results from Outlook incorrectly processing an escaped '.' as an end-of-message (EOM) marker when the dots are contained in separate IP datagrams.

Solution

Upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 1292

File Name: 1292.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1332

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 3.6

Temporal Score: 3.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-1999-1033

BID: 252