Microsoft KB Archive/175807

= OL98: Update Available for Outlook 98 Security Issue =

Article ID: 175807

Article Last Modified on 8/5/2004

-

APPLIES TO


 * Microsoft Outlook 98 Standard Edition

-



This article was previously published under Q175807



SUMMARY
Microsoft has made an updated patch available for Microsoft Outlook 98 that protects customers against a potential vulnerability involving file attachments with extremely long names as well a variant found during continued testing.

The original vulnerability was caused by improper handling of file attachments with very long file names in Outlook 98. As part of our on- going security review, we discovered a variant of this vulnerability, which this updated patch addresses. Microsoft strongly recommends that all users download the updated patch to be protected against these vulnerabilities.

This issue can cause a crash or other unexpected behavior when downloading a message with a file attachment that has an extremely long file name. This could conceivably happen when you use Outlook 98 in any installation configuration:

In Internet Mail Only (IMO), you will receive an error similar to the following:

OUTLOOK caused an invalid page fault in module OUTLMIME.DLL.

In Corporate Workgroup, you will receive an error similar to the following:

MAPISP32 caused an invalid page fault in module OUTLMIME.DLL.

It is difficult but conceptually possible for an individual to cause malicious code to be run on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.

The Outlook Security Patch may be downloaded from the following Microsoft Web site:

http://office.microsoft.com/downloads/9798/outptch2.aspx

After the Outptch2.exe has been installed, the version number for Outlook will show 8.5.5603 in About Microsoft Outlook under the Help menu. This patch applies to English (U.S.) installations of Outlook. Localized versions of the patch will be released shortly.

Additional query words: 98 buffer overrun secpatch outpatch outpatch2

Keywords: kbdownload kbbug kbfix kbfile kbsecurity KB175807

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.