An unchecked buffer in Outlook may allow a malformed date parameter to run arbitrary code to execute on the system. The overrun occurs when a string is appended to the end of the Date parameter in the SMTP mail header as seen in the example below. DEMONSTRATION The following series of SMTP mail commands will initiate the buffer overrun when the user receives the email via an unpatched version of Outlook: HELO USSRLabs has also made available a series of client-side tools that demonstrate the problem: VENDOR RESPONSE Microsoft issued FAQ# FQ00-043 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046. Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the
following actions: Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm)
or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm)
to install. Customers who install this patch on versions other than these may receive a
message reading "This update does not need to be installed on this system". This
message is incorrect. More information is available in KB article Q267884" CREDIT |
Unchecked Buffer in Outlook May Run Arbitrary Code
0 comments
Hide comments