Microsoft Outlook Express POP Denial of Service Vulnerability

low Nessus Network Monitor Plugin ID 1292

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The remote host is running a version of Outlook Express that is vulnerable to a DoS attack whereby a malicious message sent to the users mailbox will halt POP mail download. This vulnerability results from Outlook incorrectly processing escaped '.' as EOM markers when the dots are contained in separate IP datagrams.

Solution

Upgrade to the latest version.

Plugin Details

Severity: Low

ID: 1292

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

CVE: CVE-1999-1033

BID: 252

Detections

Analytics