secureMICROSOFT.COM

• Next message: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Previous message: zillion: "Banner Rotation 01"
• Maybe in reply to: Ultor: "Eudora Pro & Outlook Overflow - too long filenames again"
• Next in thread: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Maybe reply: Microsoft Security Response Center: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

I believe this vulnerability was eliminated by
http://www.microsoft.com/technet/security/bulletin/ms98-008.asp.
Regards,

Securemicrosoft.com

- -----Original Message-----
From: Ultor [mailto:UltorHERT.ORG]
Sent: Monday, May 15, 2000 5:56 AM
To: BUGTRAQSECURITYFOCUS.COM
Subject: Eudora Pro & Outlook Overflow - too long filenames again

==== APPLICATIONS AFFECTED

Qualcomm Eudora Pro (all versions)
Outlook Express 4.*
Microsoft Outlook 98

Eudora Light and Outlook Express 5.0 are NOT affected

==== DESCRIPTION

These e-mail/news programs improperly handle filenames of files
attached in
e-mails. Too long filename can result in a buffer overflow condition
when
the program processes the attachment and tries to save the temporary
file.

As the reader generally processes the attachments when the user reads
the
message, the buffer overflow condition can be initiated.

In Outlook if filename got graphic file extension then the buffer
overflow
condition can be initiated when trying to view the message (my last
post on
BUGTRAQ) if not then overflow will occur if user will try to save/open
attached file.

In Eudora Pro e-mail is processed while downloading mail from server
so
buffer overflow occurs when message is processed from spool directory.
This
can even lock e-mail account for the Eudora Pro users. As i know same
problem is in Microsoft Outlook 98 version.

==== EXAMPLE

Example Outlook e-mails are attached with this message (sorry to all
Eudora
Pro
users for latest problems).

==== EXPLOITATION

possible ... have fun =)

==== PATCHES

If you use Outlook 98 or 4.* then change it on 5.* version. If you
like
Eudora style then use Eudora Light or wait for Eudora Pro patches.

PS. In my opinion saving temporary files with same filenames as files
attached in e-mail is very lame. They should use random filenames.

==== CREDITS

Greetz for notice that Eudora Pro is vulnerable for same bug as
Outlook to:

Felicia Catherine Kaye <felinefeline.pp.se>
Michael Smith <mikeicon.co.za>

Greeetz to HERT,Lam3rZ,TESO

- ----------------------
Mark Bialoglowy [Ultorhert.org] --- Network Security Consultant
Age: 19 -- Country: PL -- PGP: http://www.hert.org/pgp/Ultor.asc
CODE: C / Delphi / w32asm / Linux / SQL / CGI / HTML / VRML / AI
- ----------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQEVAwUBOSGFVI0ZSRQxA/UrAQF1iAf8DkiL6x2ZN+NVgDIVrKS4jAwRK6VluxJT
tVAveCMrmcihGO8VS+NjGwh+WQZb+K/7Am8nwEg6SvhKWIfana274TQga+wHaz3T
bOxT/KSRuNT3TGajpNLWu+EhL9wXNwmTv2Jy3auVYA6/xuFVxZ6aBq6zmsQVvqTa
/gWUV2TflRy+/1O9gmjpuRdL4tWHiH4C27qZSplFuHyRBKjr9ZSUQEHUU9W0BfW8
wsqr3pXKvhji7PYNy1/gEFbL+bNWtcLInBqeSGiMlMKmIFea7CAAmGJ6efQTArLT
u3xZTXLC2kBn7iPh3O9uB1d/WYBhO2kcXUjhVMww8t2Nmzx/9BzTYw==
=dKUn
-----END PGP SIGNATURE-----

• Next message: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Previous message: zillion: "Banner Rotation 01"
• Maybe in reply to: Ultor: "Eudora Pro & Outlook Overflow - too long filenames again"
• Next in thread: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Maybe reply: Microsoft Security Response Center: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]