Microsoft Outlook Express 5.5 - Denial of Service Device Denial of Service

Author: ERRor
type: dos
platform: windows
port: 
date_added: 2002-04-24  
date_updated: 2012-09-23  
verified: 1  
codes: OSVDB-11948;OSVDB-11947  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21419.txt  

source: https://www.securityfocus.com/bid/4584/info

A denial of service issue has been reported in Microsoft Outlook Express.

Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to contain a URL pointing to a DOS device, could cause Outlook Express to stop responding.

Under certain circumtances this issue may cause the system to consume CPU time.

Varying results have been reported when data is sent directly to a device, such as a denial of service, hardware failure, information disclosure or unauthorized device access.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21419-1.eml

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21419-2.eml