CERTA-2002-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Outlook 2002 permet, par l'envoi d'un courrier électronique judicieusement composé, de réaliser un déni de service sur la machine cible.

Description

Cette vulnérabilité résulte d'une mauvaise gestion du traitement des en-têtes des courriers électroniques par Outlook 2002. Un utilisateur distant mal intentionné peut, par le biais d'un mél dont l'en-tête est judicieusement composée, provoquer l'arrêt brutal du programme sur la machine cible.

Solution

Appliquer le correctif disponible en téléchargement sur le site de Microsoft (cf. section Documentation).

Microsoft Outlook 2002.

Impacted products
Vendor Product Description
References
Bulletin Microsoft MS02-057 None vendor-advisory
Bulletin Microsoft : - other

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Outlook 2002.\u003c/P\u003e",
  "content": "## Description\n\nCette vuln\u00e9rabilit\u00e9 r\u00e9sulte d\u0027une mauvaise gestion du traitement des\nen-t\u00eates des courriers \u00e9lectroniques par Outlook 2002. Un utilisateur\ndistant mal intentionn\u00e9 peut, par le biais d\u0027un m\u00e9l dont l\u0027en-t\u00eate est\njudicieusement compos\u00e9e, provoquer l\u0027arr\u00eat brutal du programme sur la\nmachine cible.\n\n## Solution\n\nAppliquer le correctif disponible en t\u00e9l\u00e9chargement sur le site de\nMicrosoft (cf. section Documentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/MS02-067.asp"
    }
  ],
  "reference": "CERTA-2002-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Outlook 2002 permet, par l\u0027envoi d\u0027un courrier\n\u00e9lectronique judicieusement compos\u00e9, de r\u00e9aliser un d\u00e9ni de service sur\nla machine cible.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS02-057",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.