SecurityTracker.com
Category:  Application (E-mail Client)  >  Outlook Express
Vendors:  Microsoft
Microsoft Outlook Express Crashes When Reading Certain E-mail Messages
Date:  Mar 23 2001 15:44 (UTC/GMT)
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 4.72
Description:  It is reported that Microsoft Outlook Express will crash when reading an e-mail message if there are too many characters in the "Newsgroups:" field of the message header.

A buffer overflow will occur if the "Newsgroups:" field in a received e-mail's standard SMTP header contains more than 700 characters.

Impact:  An attacker could send e-mail to a recipient that causes the recipient's Outlook Express e-mail client to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  http://www.microsoft.com/technet/security/
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  Steve <steve@SECURESOLUTIONS.ORG>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 23 2001 Re: Microsoft Outlook Express Crashes When Reading Certain E-mail Messages   (Paul Schmehl <pauls@UTDALLAS.EDU>)
A user reports that a similar buffer overflow exists in the email "Subject:" header field of Outlook Express.
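
With no fix available, one mitigation is to screen inbound mail for the condition described above before it reaches the client. The following is an added example, not part of the original advisory or any vendor code: it flags messages whose unfolded "Newsgroups:" or "Subject:" value exceeds 700 characters. The function names, measuring the value rather than the whole line, and reusing the 700-character limit for "Subject:" are assumptions.

```python
import re

# Threshold from the advisory: more than 700 characters in "Newsgroups:".
# Reusing it for "Subject:" is an assumption; the follow-up report gives
# no length of its own. Length is measured on the unfolded field value.
MAX_FIELD_CHARS = 700
WATCHED_FIELDS = ("newsgroups", "subject")


def unfolded_headers(raw: bytes):
    """Yield (name, value) per header, joining folded continuation lines."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    name, parts = None, []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and name is not None:
            parts.append(line.strip())      # continuation of previous field
            continue
        if name is not None:
            yield name, b" ".join(parts)
        name, parts = None, []
        if b":" in line:
            field, _, value = line.partition(b":")
            name = field.strip().lower().decode("latin-1")
            parts = [value.strip()]
    if name is not None:
        yield name, b" ".join(parts)


def oversized_fields(raw: bytes, limit: int = MAX_FIELD_CHARS):
    """Return [(field, length)] for watched headers longer than `limit`."""
    return [(n, len(v)) for n, v in unfolded_headers(raw)
            if n in WATCHED_FIELDS and len(v) > limit]


# Constructed sample messages (not taken from the advisory).
BENIGN = (b"From: a@example.org\r\nNewsgroups: comp.security.misc\r\n"
          b"Subject: hi\r\n\r\nbody\r\n")
LONG_VALUE = b",".join([b"example.group"] * 60)     # 839 characters
FLAGGED = b"From: a@example.org\r\nNewsgroups: " + LONG_VALUE + b"\r\n\r\nbody\r\n"
# Same value folded so that every physical line is short.
FOLDED = (b"From: a@example.org\r\nNewsgroups: "
          + LONG_VALUE.replace(b",", b",\r\n ") + b"\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("flagged", FLAGGED), ("folded", FOLDED)):
        print(label, oversized_fields(msg))
```

The folded sample shows why the check unfolds headers first: a per-line length limit would pass that message even though the reassembled field is over the threshold.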



 Message Contents

Date:  Tue, 20 Feb 2001 23:21:06 -0700
From:  Steve <steve@SECURESOLUTIONS.ORG>
Subject:  Local Bufferoverflow in OutlookExpress

 

This was forwarded from Vuln-Dev.  Looks like a pretty low risk to me
but........

-=-=-=-=-=-=-
Steve Manzuik
Moderator - Win2KSecAdvice
http://www.windowsitsecurity.com
-=-=-=-=-=-=-


------------------------------------------------------------

Made in Holland
PCP/A #0005 (pr0ph)


Local Bufferoverflow in OutlookExpress

Proved Vulnerable: OutlookExpress 4.72
Posted To: Bugtraq/Vuln-Dev mailinglists & Packetstorm



A buffer will overflow if your "Newsgroups:" field contains more than 700
chars. OE will close down with the following "Dr. Watson for Windows NT"
message:

"An application error has occured

and an application error log is being generated

msmn.exe
Exception access violation (0xc00000005), Address: 0x77f64d28"

This will also create a USER.DMP file in your WINNT directory. This file can
be used to extract passwords; see my previous message to Bugtraq called
"NT stores passwords in plaintext (sp00ky)"


Another fine Planet Cazzz Production/Advisory, in association with The
Nations Top. We cannot be held responsible for your actions, but you can
try. Made in Holland. PCP/A #0005 (pr0ph)


We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell0 to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...



-No Strezzz Cazzz, Powered By UN0X

Vengeance is here, it's time to resurrect. Anger without phear....The
Bulld0zer Project !

Copyright 2001, SecurityGlobal.net LLC