SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT

Important CSS Directive Causes MS Outlook To Crash (Apr 7, 2017)


Microsoft Outlook is an email client used to send and receive email messages. Recently, SonicWALL received reports of a bug in MS Outlook, wherein a specially crafted email causes it to crash shortly after reading.

The POC shows the email to contain both text and html portions, as shown below:

Retrieving this email via MS Outlook causes a crash as shown:

Debugging Outlook, we see that the crash occurs at wwlib.dll (not necessarily Outlook).

This dll is also used by other Office applications such as Word and Powerpoint. This is used for reading and displaying HTML content.

The problem arises with the "!important" directive in the CSS. Upon testing, removing this directive from the email message sent does not cause a crash.

SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 12702 : Microsoft Outlook Denial of Service

Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
© 2021 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 17.3 | S1MSW04