General 8065 Published by

Patch Available for "Malformed E-mail Header" Vulnerability

Originally posted: July 18, 2000
Updated: July 20, 2000

Summary
=======
On July 18, 2000, Microsoft released the original version of this
bulletin, to advise customers of the issue and recommend that they
install either of the two service packs that will eliminate the
vulnerability. On July 20, 2000, the bulletin was updated to announce
the availability of patches that eliminate the vulnerability.

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Outlook(r) and Outlook Express. Under
certain conditions, the vulnerability could allow a malicious user to
cause code of his choice to execute on another user´s computer.

The patch eliminates this vulnerability as well as those discussed in
Microsoft Security Bulletins MS00-045 and MS00-046. Customers who
already have taken the corrective action discussed in either of these
bulletins do not need to take any additional action.

Frequently asked questions regarding this vulnerability and
the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-043.asp

Affected Software Versions
==========================
- Microsoft Outlook Express 4.0
- Microsoft Outlook Express 4.01
- Microsoft Outlook Express 5.0
- Microsoft Outlook Express 5.01
- Microsoft Outlook 97
- Microsoft Outlook 98
- Microsoft Outlook 2000

Patch Availability
==================
This vulnerability can be eliminated by taking any of the following
actions:
- Installing the patch available at
http://www.microsoft.com/windows/ie/download/critical/patch9.htm
- Performing a default installation of Internet Explorer 5.01
Service Pack 1,
http://www.microsoft.com/Windows/ie/download/ie501sp1.htm