Microsoft Security Bulletin MS00-043
Patch Available for 'Malformed E-mail Header' Vulnerability
Originally posted: July 18, 2000
Updated: July 20, 2000
On July 18, 2000, Microsoft released the original version of this bulletin, to advise customers of the issue and recommend that they install either of the two service packs that will eliminate the vulnerability. On July 20, 2000, the bulletin was updated to announce the availability of patches that eliminate the vulnerability.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Outlook® and Outlook Express. Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer.
The patch eliminates this vulnerability as well as those discussed in Microsoft Security Bulletins MS00-045 and MS00-046. Customers who already have taken the corrective action discussed in either of these bulletins do not need to take any additional action.
- Microsoft Outlook Express 4.x
- Microsoft Outlook Express 5.x
- Microsoft Outlook 98
- Microsoft Outlook 2000
Vulnerability Identifier: CVE-2000-0567
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support .
The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- July 18, 2000: Bulletin Created.
- July 20, 2000: Bulletin updated to announce availability of a patch that does not require a full version upgrade of Internet Explorer.
- July 23, 2000: Bulletin updated to include link to Office Update site and to clarify that the remediative actions for Outlook and Outlook Express users are exactly the same