20CN网络安全小组论坛 - 黑客进阶 - OutlookExpress畸形邮件头拒绝服务漏洞(MS04-018)[转载]

论坛: 黑客进阶标题: OutlookExpress畸形邮件头拒绝服务漏洞(MS04-018)[转载]

作者: pula [pula]

论坛用户

受影响系统：
Microsoft Outlook Express 6.0 SP1 (64 bit Edition)
Microsoft Outlook Express 6.0 SP1
Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 6.0
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows 2003 Web Edition
- Microsoft Windows 2003 Standard Edition
- Microsoft Windows 2003 Enterprise Edition
- Microsoft Windows 2003 Datacenter Edition
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
描述：
--------------------------------------------------------------------------------
CVE(CAN) ID: CAN-2004-0215

Microsoft Outlook Express是流行的邮件处理程序。

Microsoft Outlook Express在处理畸形邮件头时存在问题，远程攻击者可以利用这个漏洞对Outlook Express进行拒绝服务攻击。

目前没有详细漏洞细节提供。

<*来源：Microsoft Security Team （secure@microsoft.com）

链接：http://www.microsoft.com/technet/security/bulletin/MS04-018.mspx
*>

建议：
--------------------------------------------------------------------------------
厂商补丁：

Microsoft
---------
Microsoft已经为此发布了一个安全公告（MS04-018）以及相应补丁:
MS04-018：Cumulative Security Update for Outlook Express (823353)
链接：http://www.microsoft.com/technet/security/bulletin/MS04-018.mspx

补丁下载：

Microsoft Outlook Express 5.5 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=9A8D1BF2-93C5-41A9-B79A-31D54743BA0E&displaylang=en

Microsoft Outlook Express 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=D5900DF1-10AB-4850-9064-3070CE1F948A&displaylang=en

Microsoft Outlook Express 6 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD6A96BC-DAF0-4EAB-89B8-BD702B3E3E5D&displaylang=en

Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=ADCCF304-6CFC-48D6-9A3F-2A601C3A04A5&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=C99AAFCD-B99B-4B13-A366-5F8EDC83633F&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=10D1AAD0-0313-4BEB-A174-84CF573F31FD&displaylang=en

作者：不详
来源：银色巢穴

地主发表时间: 04-07-25 13:54

回复: bluehacker [bluehacker]

论坛用户

微软真是麻烦啊
发补丁好象发红包，自己还挺拽的~~~~~~~~``

B1层发表时间: 04-08-01 21:05

论坛: 黑客进阶