The Malformed E-mail Header Update for Microsoft Outlook® 2000/98 addresses a vulnerability that could allow a malicious hacker to send an e-mail message that would crash Outlook and potentially run arbitrary code. By sending an e-mail message with a malformed header, the malicious sender can cause and exploit a buffer overrun on your machine. The danger in this vulnerability is that the buffer overrun would occur even if you do not open or preview the e-mail message.
This vulnerability can affect your computer even if you follow what would normally be safe computing practices such as installing the Outlook 2000 SR-1 E-mail Security Update and using the Security Zones feature (Tools menu, Options command, Security tab in Outlook 2000) or the Outlook 98 E-mail Security Update to manage the security of your e-mail client. Because this vulnerability only affects certain protocols, Outlook running in Corporate or Workgroup mode would not typically be affected.
Note: To use the Malformed E-mail Header Update with Outlook 2000, you must have installed Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a).
For additional information about this update, read the Microsoft Knowledge Base article (Q267884) Outlook Express Security Vulnerability Fixed in IE 5.01 SP1. Additional information and the update itself are available at Microsoft Security Bulletin (MS00-045): Patch Available for "Persistent Mail-Browser Link" Vulnerability. Frequently asked questions regarding this update can be found at Microsoft Security Bulletin (MS00-045): Frequently Asked Questions. Review the section entitled "Malformed E-mail Header Vulnerability: Frequently Asked Questions".