Hi,

While trying to "persuade" a web mail application in logging me in, I
came across a lil' resource exhaustion "attack" against MS Outlook 98.
Unfortunately, the test system was running Win95 as well and due to

http://support.microsoft.com/default.aspx?scid=%2Fsupport%2Fsupportnet%2Fsuppobsolescence%2Easp

neither product is eligble for patches etc anyways. I was wondering
wether anyone could help me compile some more versioning info on this
to see wether it works on more recent installs as well?

Attached is a malformed message file. If it is unzipped to a directory
and renamed from .xxx to .msg it will cause Explorer.exe and/or
Outlook to start consuming system resources by either viewing it or
its directory. (I would not advice putting it in a system dir)

The test system was running MS Outlook 98 (8.5.6204.0) with the MSIE
4.72.3612.1713 (SP2) (it worked on a similar setup with MSIE
5.00.3105.0106 (SP1) as well).

Any known patches etc for this?

Thanks,

X. Teunissen

-- 
Best regards,
 Strumpf Noir Society                          mailto:vuln-devlabs.secureance.com
"Mere accumulation of observational evidence is not proof."
-- Death, "The Hogfather"

• application/x-zip-compressed attachment: Untitl_1.zip

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]