Important CSS Directive Causes MS Outlook To Crash

April 7, 2017

Microsoft Outlook is an email client used to send and receive email messages. Recently, SonicWALL received reports of a bug in MS Outlook in which a specially crafted email causes the client to crash shortly after the message is read.

The PoC email contains both text and HTML portions, as shown below:

Retrieving this email via MS Outlook causes a crash as shown:

Debugging Outlook, we see that the crash occurs in wwlib.dll (not necessarily in Outlook itself).

This DLL is also used by other Office applications such as Word and PowerPoint. It is used for reading and displaying HTML content.

The problem arises with the "!important" directive in the CSS. In testing, the same email sent with this directive removed does not cause a crash.
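Since removing the directive avoids the crash, a mail gateway can strip it from HTML parts before delivery. The following is an added example, not part of the original report or any SonicWALL product: it assumes that removing every "!important" inside `<style>` blocks and `style=` attributes is acceptable, uses approximate regex matching rather than a full HTML parser, and the function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy

# CSS allows whitespace between "!" and "important", so match that too.
IMPORTANT_RE = re.compile(r"!\s*important", re.IGNORECASE)
STYLE_BLOCK_RE = re.compile(r"<style\b[^>]*>.*?</style\s*>", re.I | re.S)
STYLE_ATTR_RE = re.compile(r"""\bstyle\s*=\s*(?:"[^"]*"|'[^']*')""", re.I)

# Constructed sample message (not the PoC from the report).
SAMPLE = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Plain part: !important stays here.
--b1
Content-Type: text/html; charset="utf-8"

<html><head><style>p { color: red !important; }</style></head>
<body><p style="margin:0 ! IMPORTANT">hello</p>
<p>Read this !important note</p></body></html>
--b1--
"""

def clean_css(html):
    """Strip the directive from CSS contexts only; return (html, count)."""
    count = 0
    def repl(match):
        nonlocal count
        css, n = IMPORTANT_RE.subn("", match.group(0))
        count += n
        return css
    html = STYLE_BLOCK_RE.sub(repl, html)
    html = STYLE_ATTR_RE.sub(repl, html)
    return html, count

def sanitize(raw):
    """Rewrite every text/html part; return (message, directives removed)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html, n = clean_css(part.get_content())
            if n:  # only re-encode parts that actually changed
                part.set_content(html, subtype="html")
                removed += n
    return msg, removed
```

The plain-text part and visible body text are left untouched; only CSS contexts in the HTML part are rewritten.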

The SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect its customers.

  • IPS 12702 : Microsoft Outlook Denial of Service