September 26, 2016

Vulnerability in Microsoft Outlook Email File Attachment

Security researcher at CSIS Security Group has discovered a denial of service (DoS) vulnerability in Microsoft Outlook email file attachment.

This zero-day vulnerability which has been reported to Microsoft on November 19, 2010 is caused as a result of the improper handling of email file attachments with no extension. This can be exploited to cause a DoS by tricking a user into clicking on an attachment with no file extension in the reading pane, with reference to CSIS Advisory.

The vulnerability is confirmed in Microsoft Outlook 2007 (12.0.6539.5000) SP2 MSO (12.0.6545.5004) . However, other versions may also be affected.

Visit Microsoft Office Help or download CSIS security advisory for more information.