Microsoft Outlook / Outlook Express GMT字段缓冲区溢出漏洞

漏洞信息详情

Microsoft Outlook / Outlook Express GMT字段缓冲区溢出漏洞

• CNNVD编号：CNNVD-200007-048
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0567
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-07-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by USSR…

Microsoft Outlook和Outlook Express存在缓冲区溢出漏洞。远程攻击者借助电子邮件头中的超长Date字段执行任意命令，又称为\”Malformed E-mail Header\”漏洞。

Filters have been made for Sendmail and Postfix to deal with this issue. See the Bugtraq posts in the Credit section for more information.
This vulnerability may be resolved through installing Internet Explorer 5.01 SP1 or Internet Explorer 5.5 on systems other than Microsoft Windows 2000.
Vulnerable users of Windows 2000 may resolve this issue by installing Windows 2000 Service Pack 1.
It has been reported that customers installing the patches on versions of Internet Explorer other than 4.01 SP2 or 5.01 may receive the message ‘This update does not need to be installed on this system’ when the patch is in fact required. Users are advised to install the patch regardless.
Patches are available for some systems:
Microsoft Outlook Express 4.0 1 SP2

• Microsoft q261255.exe
  
  http://download.microsoft.com/download/ie4095/secpach9/4.01_SP2/W9XNT4
  /EN-US/q261255.exe

Microsoft Outlook Express 5.0 1

• Microsoft q261255.exe
  
  http://download.microsoft.com/download/ie501/secpach9/5.01/WIN98/EN-US
  /q261255.exe

来源: XF
名称: outlook-date-overflow
链接:http://xforce.iss.net/static/4953.php

来源: BID
名称: 1481
链接:http://www.securityfocus.com/bid/1481

来源: MS
名称: MS00-043
链接:http://www.microsoft.com/technet/security/bulletin/ms00-043.mspx