SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Client)  >   Microsoft Outlook Express Vendors:   Microsoft
Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
SecurityTracker Alert ID:  1005489
SecurityTracker URL:  http://securitytracker.com/id/1005489
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 28 2002
Impact:   Disclosure of user information
Exploit Included:  Yes  
Version(s): 6.0
Description:   A potential information disclosure issue was reported in Microsoft Outlook Express. A local user may be able to obtain access to deleted e-mail messages.

Secure Target Network reported that Outlook Express (OE) may fail to remove e-mail messages from the underlying '.dbx' files used by OE to store messages.

The messages are reportedly stroed in various '.dbx' files in the following folder:

%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express

When the user selects "Empty messages from the 'Deleted Items' folder on exit", the messages reportedly remain in both the 'yourfolder.dbx' and 'Deleted Items.dbx' files.
Impact:   Outlook Express may fail to remove e-mail messages from local storage. A local user may be able to view the messages.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Sun, 27 Oct 2002 15:38:57 +0330
Subject:  OE DBX Exposure


Secure Target Network (Security Advisory October 27, 2002)

 

Topic: OE DBX Exposure

 

Discovery date: October 02, 2002

 

Affected applications and platforms:

All versions of Outlook Express on any Windows platform

 

Introduction:

You already worked with .dbx files, storing and managing your messages under OE. A default folder takes care of them:

%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express

All of your messages will give named by their folders and all folders are defined at Folders.dbx file.

When you delete your messages, they move on Deleted Items.dbx (Deleted Items folder), so when you exit from OE, they must gone but
 this isn't happening.

Even when you choose "Empty messages from the 'Deleted Items' folder on exit" they remain in both yourfolder.dbx and Deleted Items.dbx
 files.

 

Exploit:

As you can probably see, this may effect in a wide range of exposure attacks; no escalation of privileges or any other system compromise
 directly happen. So, anybody with physical access to your computer would be the reader of your email messages and any private information
 there.

 

Workaround:

Manipulating messages and folders containing them may change the way OE refresh its operations but also may lead to leaving more and
 more DBX files exposed. The only solution to this issue is to deleting the whole target folder.

 

Tested on:

Outlook Express 6.0.2600.0000 on Windows XP

Outlook Express 6.0.2600.0000 and 6.0.2800.1106 on Windows 2000 SP3

 

Feedback:

Kaveh Mofidi (Admin@SecureTarget.Net)

Secure Target Network (Security Consulting Group)

HTTP://SECURETARGET.NET


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC