CVE

Id
1794  
CVE No.
CVE-2000-0216  
Status
Candidate  
Description
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.  
Phase
Proposed (20000322)  
Votes
ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(2) Baker, Ozancin | REJECT(3) Blake, LeBlanc, Levy | REVIEWING(1) Wall  
Comments
Blake> This is a configuration issue. Should the fact that NT can be configured | to accept a blank Admin password have a CVE entry? | LeBlanc> This is documented as bad practice - if you have a wide distribution | mailing list, you should only allow certain users to send mail to it. | I don"t think we want to start listing all possible admin errors as | vulnerabilities. | Frech> XF:microsoft-mail-client-dos(4893) | Levy> I agree with all the above comments. Furthermore the delivery status | notification RFC makes it clear that mailing list software should | strip messages from DSN headers. I assume Microsoft"s products are | using the DSN standard and not something else.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
5617 1794 CVE-2000-0216 NTBUGTRAQ:20000229 mailbombing DoS easily exploitable against mail systems using MS mail clients.  View

Related JVN