Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote malicious users to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft outlook express 5.5 |
||
microsoft outlook express 6.0 |