OL98: Update Available for Outlook 98 Security Issue

ID: Q175807

The information in this article applies to:

Microsoft Outlook 98

SUMMARY

Microsoft has made an updated patch available for Microsoft Outlook 98 that protects customers against a potential vulnerability involving file attachments with extremely long names as well a variant found during continued testing.

The original vulnerability was caused by improper handling of file attachments with very long file names in Outlook 98. As part of our on- going security review, we discovered a variant of this vulnerability, which this updated patch addresses. Microsoft strongly recommends that all users download the updated patch to be protected against these vulnerabilities.

This issue can cause a crash or other unexpected behavior when downloading a message with a file attachment that has an extremely long file name. This could conceivably happen when you use Outlook 98 in any installation configuration:

In Internet Mail Only (IMO), you will receive an error similar to the following:

OUTLOOK caused an invalid page fault in module OUTLMIME.DLL.

In Corporate Workgroup, you will receive an error similar to the following:

MAPISP32 caused an invalid page fault in module OUTLMIME.DLL.

It is difficult but conceptually possible for an individual to cause malicious code to be executed on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.

The Outlook Security Patch may be downloaded from the following Microsoft Web site:

http://officeupdate.microsoft.com/downloadDetails/outptch2.htm

After the Outptch2.exe has been installed, the version number for Outlook will show 8.5.5603 in About Microsoft Outlook under the Help menu. This patch applies to English (U.S.) installations of Outlook. Localized versions of the patch will be released shortly.

Additional query words: 98 buffer overrun secpatch

Keywords : kbfile EvnGpf
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbbug