CVE-ID

CVE-2000-0415

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
N/A
Date Entry Created
20000614 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000615)
Votes (Legacy)
ACCEPT(3) Levy, Ozancin, Wall
MODIFY(1) Frech
NOOP(3) Christey, Cole, Stracener
REJECT(1) LeBlanc
Comments (Legacy)
 LeBlanc> The poster re-discovered a vulnerability we patched two years
   ago, in
   http://www.microsoft.com/technet/security/bulletin/ms98-008.asp
   Microsoft posted a response to BugTraq when this one went
   public, and reminded them that we'd already patched it.
   
   BTW, I think we want to try and pay attention to follow-ups to
   these threads in order to minimize noise in the process.
 Christey> Based on David's comments, this is covered by CVE-1999-0002.
   However, that candidate may wind up being SPLIT, so I will
   keep this one around for the moment.
   
   With respect to watching followups, we are relying quite
   a bit on other data feeds instead of doing our own reviews
   of all the different data sources.  The data feeds may report
   these problems as new before corrections are posted.
   Followups do often lend additional information to the
   candidates, and as is the case with this one, we will
   often catch the discrepancy before the candidate becomes an
   official entry, whether by MITRE's own analysis or by that
   of other Board members.
 Frech> XF:outlook-image-long-filename

Proposed (Legacy)
20000615
This is an entry on the CVE list, which standardizes names for security problems.