CVE-2002-0285 — Microsoft Outlook Express vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

7.1%

top 8.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook Express

Timeline

PublishedMay 31

Latest updateApr 30

Description

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/outlook_express5.5, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-fh28-5rx8-8227: Outlook Express 5↗2022-04-30

▶

CVEList

CVE-2002-0285: Outlook Express 5↗2002-05-03

▶