OL98: Update Available for Outlook 98 Security IssueID: Q175807
|
Microsoft has made an updated patch available for Microsoft Outlook 98 that
protects customers against a potential vulnerability involving file
attachments with extremely long names as well a variant found during
continued testing.
The original vulnerability was caused by improper handling of file
attachments with very long file names in Outlook 98. As part of our on-
going security review, we discovered a variant of this vulnerability, which
this updated patch addresses. Microsoft strongly recommends that all users
download the updated patch to be protected against these vulnerabilities.
This issue can cause a crash or other unexpected behavior when downloading
a message with a file attachment that has an extremely long file name. This
could conceivably happen when you use Outlook 98 in any installation
configuration:
In Internet Mail Only (IMO), you will receive an error similar to the
following:
In Corporate Workgroup, you will receive an error similar to the following:OUTLOOK caused an invalid page fault in module OUTLMIME.DLL.
It is difficult but conceptually possible for an individual to cause malicious code to be executed on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.MAPISP32 caused an invalid page fault in module OUTLMIME.DLL.
http://officeupdate.microsoft.com/downloadDetails/outptch2.htmAfter the Outptch2.exe has been installed, the version number for Outlook will show 8.5.5603 in About Microsoft Outlook under the Help menu. This patch applies to English (U.S.) installations of Outlook. Localized versions of the patch will be released shortly.
Additional query words: 98 buffer overrun secpatch
Keywords : kbfile EvnGpf
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbbug Last Reviewed: July 26, 1999