[10533] in bugtraq
Outlook Express Win98 bug, addition.
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Thu May 13 18:06:41 1999
Errors-To: news@news.cistron.nl
Message-Id: <7hbfu2$hmh$1@Q.cistron.nl>
Date: Wed, 12 May 1999 10:59:46 +0200
Reply-To: Miquel van Smoorenburg <miquels@CISTRON.NL>
From: Miquel van Smoorenburg <miquels@CISTRON.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <7h8rg1$eos$1@Q.cistron.nl>
In article <cistron.7h8rg1$eos$1@Q.cistron.nl>,
Miquel van Smoorenburg <miquels@CISTRON.NL> wrote:
>There is a bug in Outlook Express delivered with Windows '98, at least
>version 4.72.3110.1 (4.01 SP1) and 4.72.3120.0 (4.01 SP1 + oepatsp1)
[...]
>Outlook
>Express will interpret the double-dot as a single dot, switching back to
>POP3 command mode and interpreting the rest of the message as a response
>from the POP3 server. Result is an error message and usually a hanging
>POP3 session.
It occured to me that it might not be clear from the original message
but because the POP3 session is hanging, the message will not be removed
from the server and the next time mail is check the same thing will
occur. This is an effective DOS attack against the mailbox.
The only way to solve this is to remove the message with another
POP3 email program (Eudora, Pegasus) or to ask the sysadmin of the POP3
server to remove the message manually (look for a message that has a line
starting with a dot).
Upgrading to MSIE 5.0 will also solve the problem, but there is no
simple/small bugfix from Microsoft available (an MSIE 5.0 download is
what - 20 MB at least?) yet for as far as I know.
So, ISP helpdesks - take note. This is at least one of the causes of
the problems all these people have been having with their "blocked mail".
Mike.
--
Indifference will certainly be the downfall of mankind, but who cares?
