| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: thor at pivx.com (Thor Larholm) Subject: Outlook Express - is this possible? > From: "Nick FitzGerald" <nick@...us-l.demon.co.uk> > "Gregh" <chows@...mail.com.au> wrote: > > I believe an exploit cropped up within the last 12 months or so for OE > > (version unknown) where the user has preview pane OFF and receives an email > > that he doesn't actually double click on to open. However, in deleting it, > > the user either web bugs himself or puts some sort of exploit in. > > There was an exploitable buffer overflow in a date handling routine in > some .DLL (MSHTML.DLL ???) that OE used for its date functions. > > I have a feeling that was closer to two years ago, but have not > bothered to search the archives to check... It was almost 4 years ago, roughly 3? to be exact, on July 18 2000. "Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability" http://www.securityfocus.com/bid/1481 Details in original post: http://www.securityfocus.com/archive/1/70543 You just had to download the email to be exploited. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@...x.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>
Powered by blists - more mailing lists