>Can anyone tell me what the [Outlook 'CR' Vulnerability] is and where to
>find information on it to give to the customer.   I am running f-prot 3.12
>as the scanner



The issue is that there is a header with an illegal character in it (a 
carriage return, rather than the carriage return + linefeed that indicates 
the end of a line). There is no valid reason to have such a character in 
the headers, and it violates RFC specs (and would be reason to fail the 
BADHEADERS test in Declude JunkMail, although that is not currently tested 
for). Having such a character in the headers causes a "fork" in processing 
the E-mail -- some programs (AV scanners or mail clients) will handle the 
headers correctly, others (Outlook) will not, and will process the E-mail 
very differently (with extra headers that don't really exist, without 
headers that do exist, and even creating non-existent attachments with very 
real viruses). As a result, having such a character bypasses security 
mechanisms.

http://www.openoffice.nl/special_interest/outlookbug.html has more 
information on this issue.
                                    -Scott

This E-mail came from the Declude.Virus mailing list.
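
An added example, not part of the original post or of Declude's code: a check a mail filter could run for the condition described above, a carriage return in the headers that is not followed by a linefeed. It also shows the "fork" by listing the header names seen by a parser that breaks lines only on CR+LF next to one that also breaks on a bare CR. The function names and the sample message are constructed for illustration.

```python
import re

# A CR that is not followed by LF; never legal inside mail headers.
BARE_CR = re.compile(rb"\r(?!\n)")

def split_headers(raw: bytes) -> bytes:
    """Return the header section (everything before the first empty line)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head

def find_bare_cr(raw: bytes):
    """Return (header_line_number, header_name) for each header line with a bare CR."""
    hits = []
    for n, line in enumerate(split_headers(raw).split(b"\r\n"), start=1):
        if BARE_CR.search(line):
            name = line.split(b":", 1)[0].decode("ascii", "replace")
            hits.append((n, name))
    return hits

def header_views(raw: bytes):
    """Header names as seen by a CRLF-only parser and by one that also breaks on CR."""
    head = split_headers(raw)

    def names(lines):
        # Skip empty lines and folded continuation lines (leading whitespace).
        return [l.split(b":", 1)[0].decode("ascii", "replace")
                for l in lines if l and not l[:1].isspace() and b":" in l]

    strict = names(head.split(b"\r\n"))
    lenient = names(re.split(rb"\r\n|\r", head))
    return strict, lenient

# Constructed sample message (not taken from the original post).
SAMPLE = (b"From: a@example.com\r\n"
          b"Subject: hello\rX-Extra: seen-only-after-bare-cr\r\n"
          b"To: b@example.com\r\n"
          b"\r\n"
          b"body\r\n")

if __name__ == "__main__":
    print("bare CR found in:", find_bare_cr(SAMPLE))
    strict, lenient = header_views(SAMPLE)
    print("CRLF-only parser sees:", strict)
    print("CR-tolerant parser sees:", lenient)
```

A message for which the two views differ, or for which `find_bare_cr` returns anything, is one that a scanner and a mail client may interpret differently, so rejecting or quarantining it is the safe handling.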
