SUMMARY
Microsoft has made an updated patch available for Microsoft Outlook 98 that
protects customers against a potential vulnerability involving file
attachments with extremely long names as well a variant found during
continued testing.
The original vulnerability was caused by improper handling of file
attachments with very long file names in Outlook 98. As part of our on-
going security review, we discovered a variant of this vulnerability, which
this updated patch addresses. Microsoft strongly recommends that all users
download the updated patch to be protected against these vulnerabilities.
This issue can cause a crash or other unexpected behavior when downloading
a message with a file attachment that has an extremely long file name. This
could conceivably happen when you use Outlook 98 in any installation
configuration:
In Internet Mail Only (IMO), you will receive an error similar to the
following:
OUTLOOK caused an invalid page fault in module OUTLMIME.DLL.
In Corporate Workgroup, you will receive an error similar to the following:
MAPISP32 caused an invalid page fault in module OUTLMIME.DLL.
It is difficult but conceptually possible for an individual to cause
malicious code to be run on your computer as a result of this problem.
There have not been any reports of customers being affected by this
problem.
The Outlook Security Patch may be downloaded from the following Microsoft
Web site:
After the Outptch2.exe has been installed, the version number for Outlook
will show 8.5.5603 in About Microsoft Outlook under the Help menu. This
patch applies to English (U.S.) installations of Outlook. Localized
versions of the patch will be released shortly.