Vulnerabilities > CVE-2002-0285 - Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

NVD

Published: 2002-05-31

Updated: 2016-10-18

Summary

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0	2

References

http://marc.info/?l=bugtraq&m=101362077701164&w=2
http://www.iss.net/security_center/static/8198.php
http://www.securityfocus.com/bid/4092