Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Strumpf Noir Society (vuln-devlabs.secureance.com)
Date: Sat Jan 12 2002 - 02:55:24 CST
While trying to "persuade" a web mail application in logging me in, I
came across a lil' resource exhaustion "attack" against MS Outlook 98.
Unfortunately, the test system was running Win95 as well and due to
neither product is eligble for patches etc anyways. I was wondering
wether anyone could help me compile some more versioning info on this
to see wether it works on more recent installs as well?
Attached is a malformed message file. If it is unzipped to a directory
and renamed from .xxx to .msg it will cause Explorer.exe and/or
Outlook to start consuming system resources by either viewing it or
its directory. (I would not advice putting it in a system dir)
The test system was running MS Outlook 98 (8.5.6204.0) with the MSIE
4.72.3612.1713 (SP2) (it worked on a similar setup with MSIE
5.00.3105.0106 (SP1) as well).
Any known patches etc for this?
-- Best regards, Strumpf Noir Society mailto:vuln-devlabs.secureance.com
"Mere accumulation of observational evidence is not proof."
-- Death, "The Hogfather"
- application/x-zip-compressed attachment: Untitl_1.zip