CVE-2002-2164

Microsoft Outlook Express 5.0, 5.5, 6.0 - Denial of Service via Long HREF Link

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2164. PoCs published by Stefano Zanero.

AI-analyzed exploit summary The provided text describes a DoS vulnerability in Outlook Express where a maliciously crafted HTML email with an excessively long <A HREF> link (over 4095 characters) causes the application to stop responding. The exploit details are referenced from SecurityFocus BID 5682, but no actual exploit code is included in the provided content.

Description

Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stefano Zanero · textdoswindows
https://www.exploit-db.com/exploits/21789

The provided text describes a DoS vulnerability in Outlook Express where a maliciously crafted HTML email with an excessively long <A HREF> link (over 4095 characters) causes the application to stop responding. The exploit details are referenced from SecurityFocus BID 5682, but no actual exploit code is included in the provided content.

Classification
Writeup 80%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Microsoft Outlook Express (version unspecified)
No auth needed
Prerequisites: Ability to send an HTML email to a target using Outlook Express
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5682
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/291058
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10067.php

Scores

EPSS 0.2191
EPSS Percentile 97.4%

Details

Status published
Products (4)
microsoft/outlook_express 5.0
microsoft/outlook_express 5.0.1
microsoft/outlook_express 5.5
microsoft/outlook_express 6.0
Published Dec 31, 2002
Tracked Since Feb 18, 2026