lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: Admin at SecureTarget.Net (Kaveh Mofidi)
Subject: Microsoft Outlook PST Exposure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure Target Network (Security Advisory August 31, 2003) 
Topic: Microsoft Outlook PST Exposure
Discovery Date: August 28, 2003
Link to Original Advisory: http://securetarget.net/advisory.htm

Affected applications and platforms: 
All versions of Outlook on any Windows platform

Introduction: 
everyone work with .pst files, storing and managing his/her Outlook
Data transparently under Microsoft Outlook. A default folder takes
care of these data files at: 
%windrive%\Documents and Settings\User Profile\Local
Settings\Application Data\Microsoft\outlook
And all of your data may encrypt and maintain as outlook.pst (or
archive.pst when you just archive your old data).
When you add something to your outlook items (appointments &
meetings, tasks, notes, .), your data file probably increases in size
but when you delete some items (any size, large or small piece of
data), the data do lost from your eyes but usually, does not erase
from .pst files.

Exploit: 
As you can probably see, this may effect in a wide range of exposure
attacks; no escalation of privileges or any other system compromise
directly happen. So, anybody with physical access to your computer
would be the reader of your Outlook Items (any task, appointment and
.) and any private information there.
By the way, this may lead to a worth situation, when you just restore
a backed up copy of these .pst files and try to recover your lost
data, but there is something different in backups, because you didn't
copy a refreshed one.

Workaround: 
the easiest way to work around this vulnerability is physical
security countermeasures but for your backups, try to "compact" items
before backing up:
1. File?folder?properties of "your desired folder with data
files"?General tab?Advanced?Compact Now
2. File?Data File Management?settings?Compact Now

Tested on: 
Outlook 2000 SP3 (9.0.0.6627) on Windows 2000 SP4
Outlook 2002 (10.2627.2625) on Windows XP Professional SP1

Feedback: 
Kaveh Mofidi (Admin@...ureTarget.Net) 
Secure Target Network (Security Consulting Group) 
HTTP://SECURETARGET.NET

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP1Gzn2O1siv41icpEQJ1QgCg6pgz7WdkyQOfv/NHQHVmLzTTQMkAniWn
xf+uy/vKBnuh7W3jnIV6xVsg
=t/1h
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030831/99f099aa/attachment.html

Powered by blists - more mailing lists