Message-ID: <014101c3e45f$abc730d0$6401a8c0@0xff>
From: thor at pivx.com (Thor Larholm)
Subject: Outlook Express - is this possible?

> From: "Nick FitzGerald" <nick@...us-l.demon.co.uk>
> "Gregh" <chows@...mail.com.au> wrote:
> > I believe an exploit cropped up within the last 12 months or so for OE
> > (version unknown) where the user has preview pane OFF and receives an email
> > that he doesn't actually double click on to open. However, in deleting it,
> > the user either web bugs himself or puts some sort of exploit in.
>
> There was an exploitable buffer overflow in a date handling routine in
> some .DLL (MSHTML.DLL ???) that OE used for its date functions.
>
> I have a feeling that was closer to two years ago, but have not
> bothered to search the archives to check...

It was almost 4 years ago, roughly 3½ to be exact, on July 18 2000.

"Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability"
http://www.securityfocus.com/bid/1481

Details in original post:
http://www.securityfocus.com/archive/1/70543

You just had to download the email to be exploited.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>

