Exchange Server Forums

Outlook 'CR' Vulnerability

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2003] >> Server Security >> Outlook 'CR' Vulnerability

Page: [1]

Message

<< Older Topic Newer Topic >>

Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM

TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!

Outlook 'CR' Vulnerability - 30.Oct.2003 6:12:00 PM

emustiga

Posts: 8
Joined: 27.Aug.2002
From: Miami
Status: offline

Definition of Outlook 'CR' Vulnerability: This vulnerability occurs when an E-mail contains a single 'CR' character within the E-mail headers (as opposed to a 'CR' followed by an 'LF', which is used to end a line in SMTP). Outlook can treat this as the end of the headers, which would allow Outlook to see a virus that was embedded in the headers. RFC2822 2.2 says that CR and LF characters cannot appear alone in the headers. Also, there is no legitimate reason for an E-mail to contain a lone 'CR' in the headers.

I need to know how to fix the problem, is any patch for this? Some emails are filtered and held by Declude and AppRiver services because of Outlook 'CR' Vulnerability.
Declude refer to it as a Mail Server issue.
Thank you in advance for your help in this matter.