SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT


Important CSS Directive Causes MS Outlook To Crash (Apr 7, 2017)



Description


Microsoft Outlook is an email client used to send and receive email messages. Recently, SonicWALL received reports of a bug in MS Outlook, wherein a specially crafted email causes it to crash shortly after reading.

The POC shows the email to contain both text and html portions, as shown below:

Retrieving this email via MS Outlook causes a crash as shown:

Debugging Outlook, we see that the crash occurs at wwlib.dll (not necessarily Outlook).

This dll is also used by other Office applications such as Word and Powerpoint. This is used for reading and displaying HTML content.

The problem arises with the "!important" directive in the CSS. Upon testing, removing this directive from the email message sent does not cause a crash.

SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 12702 : Microsoft Outlook Denial of Service




Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#SonicWall
© 2017 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 13.7 | S2MSW01