Outlook Express under threat from hackers

Antivirus firm Beyond Security Ltd. has announced a serious vulnerability within Outlook Express that can bypass the SMTP (simple mail transfer protocol) filtering engines used by many companies, including gateway virus scanners, content filters and firewalls.

Outlook Express allows users to split up sent e-mails, which in turn enables a connecting user to send smaller segments of larger messages in a multiple email.

But the Message Fragment and Reassembly command within Outlook allows anyone, according to Beyond Security, to bypass most of the security restrictions placed on email messages.

As the messages have been fragmented into smaller segments, virus scanners cannot detect them and the recipient will simply receive one large file containing many smaller potentially dangerous emails.

"This generic flaw affects all SMTP content filtering software," said Aviram Jenik, Beyond Security CEO. "As virus writers seek increasingly sophisticated methods to disseminate their viruses, email exploits will become a more popular means for doing so."

Security firm GFI has developed an email security testing engine to allow users to test their systems for the vulnerability.

While several antivirus software vendors have warned users that they could be affected.

"We have confirmed that our product InterScan VirusWall 3.5x is affected by the vulnerability," said a TrendMicro spokesperson. "In order to resolve this problem we have released a patch, which can be downloaded from the FTP server." Users should look for the ISNT Hotfix_build1494_v352_Smtp_case6593.zip hotfix.

Software vendor Symantec admitted it had been aware of the potential malicious use of this feature for some time.

"All currently supported Symantec gateway products, by default, block multipart MIME messages at the gateway. It can be disabled if a multipart email is required," said a spokesman at Symantec. A formal response is due from Symantec today and will be posted here.

"The rejection of segmented emails should be part of a company's comprehensive security policy to restrict potential harmful content from the internal network," he added.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Wendy Brewer

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?