[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <010d01c36f9b$61563700$0a0a0a0a@LocalHost>
From: Admin at SecureTarget.Net (Kaveh Mofidi)
Subject: Microsoft Outlook PST Exposure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Secure Target Network (Security Advisory August 31, 2003)
Topic: Microsoft Outlook PST Exposure
Discovery Date: August 28, 2003
Link to Original Advisory: http://securetarget.net/advisory.htm
Affected applications and platforms:
All versions of Outlook on any Windows platform
Introduction:
everyone work with .pst files, storing and managing his/her Outlook
Data transparently under Microsoft Outlook. A default folder takes
care of these data files at:
%windrive%\Documents and Settings\User Profile\Local
Settings\Application Data\Microsoft\outlook
And all of your data may encrypt and maintain as outlook.pst (or
archive.pst when you just archive your old data).
When you add something to your outlook items (appointments &
meetings, tasks, notes, .), your data file probably increases in size
but when you delete some items (any size, large or small piece of
data), the data do lost from your eyes but usually, does not erase
from .pst files.
Exploit:
As you can probably see, this may effect in a wide range of exposure
attacks; no escalation of privileges or any other system compromise
directly happen. So, anybody with physical access to your computer
would be the reader of your Outlook Items (any task, appointment and
.) and any private information there.
By the way, this may lead to a worth situation, when you just restore
a backed up copy of these .pst files and try to recover your lost
data, but there is something different in backups, because you didn't
copy a refreshed one.
Workaround:
the easiest way to work around this vulnerability is physical
security countermeasures but for your backups, try to "compact" items
before backing up:
1. File?folder?properties of "your desired folder with data
files"?General tab?Advanced?Compact Now
2. File?Data File Management?settings?Compact Now
Tested on:
Outlook 2000 SP3 (9.0.0.6627) on Windows 2000 SP4
Outlook 2002 (10.2627.2625) on Windows XP Professional SP1
Feedback:
Kaveh Mofidi (Admin@...ureTarget.Net)
Secure Target Network (Security Consulting Group)
HTTP://SECURETARGET.NET
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQA/AwUBP1Gzn2O1siv41icpEQJ1QgCg6pgz7WdkyQOfv/NHQHVmLzTTQMkAniWn
xf+uy/vKBnuh7W3jnIV6xVsg
=t/1h
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030831/99f099aa/attachment.html
Powered by blists - more mailing lists