CVE
- Id
- 1993
- CVE No.
- CVE-2000-0415
- Status
- Candidate
- Description
- Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
- Phase
- Proposed (20000615)
- Votes
- ACCEPT(3) Levy, Ozancin, Wall | MODIFY(1) Frech | NOOP(3) Christey, Cole, Stracener | REJECT(1) LeBlanc
- Comments
- LeBlanc> The poster re-discovered a vulnerability we patched two years | ago, in | http://www.microsoft.com/technet/security/bulletin/ms98-008.asp | Microsoft posted a response to BugTraq when this one went | public, and reminded them that we"d already patched it. | | BTW, I think we want to try and pay attention to follow-ups to | these threads in order to minimize noise in the process. | Christey> Based on David"s comments, this is covered by CVE-1999-0002. | However, that candidate may wind up being SPLIT, so I will | keep this one around for the moment. | | With respect to watching followups, we are relying quite | a bit on other data feeds instead of doing our own reviews | of all the different data sources. The data feeds may report | these problems as new before corrections are posted. | Followups do often lend additional information to the | candidates, and as is the case with this one, we will | often catch the discrepancy before the candidate becomes an | official entry, whether by MITRE"s own analysis or by that | of other Board members. | Frech> XF:outlook-image-long-filename
