Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
|
|
SecurityTracker Alert ID: 1005489 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 28 2002
|
Impact: Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 6.0
|
Description: A potential information disclosure issue was reported in Microsoft Outlook Express. A local user may be able to obtain access to deleted e-mail messages.
Secure Target Network reported that Outlook Express (OE) may fail to remove e-mail messages from the underlying '.dbx' files used
by OE to store messages.
The messages are reportedly stroed in various '.dbx' files in the following folder:
%windrive%\Documents
and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express
When the user selects
"Empty messages from the 'Deleted Items' folder on exit", the messages reportedly remain in both the 'yourfolder.dbx' and 'Deleted
Items.dbx' files.
|
Impact: Outlook Express may fail to remove e-mail messages from local storage. A local user may be able to view the messages.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Windows (Any)
|
Reported By: Kaveh Mofidi <Admin@SECURETARGET.NET>
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 27 Oct 2002 15:38:57 +0330
From: Kaveh Mofidi <Admin@SECURETARGET.NET>
Subject: OE DBX Exposure
|
Secure Target Network (Security Advisory October 27, 2002)
Topic: OE DBX Exposure
Discovery date: October 02, 2002
Affected applications and platforms:
All versions of Outlook Express on any Windows platform
Introduction:
You already worked with .dbx files, storing and managing your messages under OE. A default folder tak
es care of them:
%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\
Microsoft\Outlook Express
All of your messages will give named by their folders and all folders are defined at Folders.dbx file
.
When you delete your messages, they move on Deleted Items.dbx (Deleted Items folder), so when you exi
t from OE, they must gone but
this isn't happening.
Even when you choose "Empty messages from the 'Deleted Items' folder on exit" they remain i
n both yourfolder.dbx and Deleted Items.dbx
files.
Exploit:
As you can probably see, this may effect in a wide range of exposure attacks; no escalation of privil
eges or any other system compromise
directly happen. So, anybody with physical access to your computer would be the reader of your email
messages and any private information
there.
Workaround:
Manipulating messages and folders containing them may change the way OE refresh its operations but al
so may lead to leaving more and
more DBX files exposed. The only solution to this issue is to deleting the whole target folder.
Tested on:
Outlook Express 6.0.2600.0000 on Windows XP
Outlook Express 6.0.2600.0000 and 6.0.2800.1106 on Windows 2000 SP3
Feedback:
Kaveh Mofidi (Admin@SecureTarget.Net)
Secure Target Network (Security Consulting Group)
HTTP://SECURETARGET.NET
|
|
