Microsoft Outlook Express POP Denial of Service Vulnerability

Medium Nessus Network Monitor Plugin ID 1292


The remote host is vulnerable to a Denial of Service (DoS) attack


The remote host is running a version of Outlook Express that is vulnerable to a DoS attack whereby a malicious message sent to the users mailbox will halt POP mail download. This vulnerability results from Outlook incorrectly processing escaped '.' as EOM markers when the dots are contained in separate IP datagrams.


Upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 1292

File Name: 1292.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1332

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 3.6

Temporal Score: 3.5


Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-1999-1033

BID: 252