Header Manipulation Vulnerability in Outlook Express by Microsoft
CVE-2002-0285
Currently unrated
Summary
Microsoft Outlook Express 5.5 and 6.0 on Windows incorrectly treats a lone carriage return (CR) in a message header as if it were a valid carriage return/line feed (CR/LF) pair. Remote attackers can use this flaw to bypass virus protection and filtering mechanisms by crafting malicious email messages whose headers contain only the CR. Outlook Express then creates separate headers from that text, potentially leading to unauthorized access or other unintended behaviors.
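A mail gateway can catch the mismatch described in the summary by parsing the header block twice, once splitting only on CR/LF and once also splitting on a lone CR, and rejecting any message where a lone CR is present. The following is an added example, not code from this advisory or from Microsoft; the function names and the sample message are constructed for illustration.

```python
import re
from collections import Counter

STRICT = re.compile(rb"\r\n")        # only CR/LF ends a header line
LENIENT = re.compile(rb"\r\n|\r")    # a lone CR also ends a line, as in the summary
BARE_CR = re.compile(rb"\r(?!\n)")   # CR that is not followed by LF


def header_block(raw: bytes) -> bytes:
    """Return the bytes before the first empty line (CR/LF CR/LF)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head


def field_names(block: bytes, line_break: re.Pattern) -> list[str]:
    """List header field names as seen with the given line-break rule."""
    names = []
    for line in line_break.split(block):
        if line[:1] in (b" ", b"\t"):  # folded continuation of the previous field
            continue
        name, sep, _ = line.partition(b":")
        if sep and name.strip():
            names.append(name.strip().decode("ascii", "replace").lower())
    return names


def audit_headers(raw: bytes) -> dict:
    """Compare the strict and lenient views of one message's headers."""
    block = header_block(raw)
    strict = field_names(block, STRICT)
    lenient = field_names(block, LENIENT)
    # Fields that exist only for a client that accepts a lone CR as a line break.
    hidden = sorted((Counter(lenient) - Counter(strict)).elements())
    offsets = [m.start() for m in BARE_CR.finditer(block)]
    return {"bare_cr_offsets": offsets, "strict_fields": strict,
            "lenient_fields": lenient, "hidden_fields": hidden,
            "reject": bool(offsets)}


# Constructed sample: the Subject line ends with a lone CR instead of CR/LF.
SAMPLE = (b"From: a@example.com\r\n"
          b"Subject: hello\rX-Constructed-Extra: value\r\n"
          b"To: b@example.com\r\n\r\nbody\r\n")
CLEAN = SAMPLE.replace(b"hello\r", b"hello\r\n")

if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

Rejecting or normalizing on `reject` before content scanning keeps the filter and the mail client working from the same set of headers.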
EPSS Score
6% chance of being exploited in the next 30 days.