[14034] in bugtraq
Re: {\rtf\a112911112911112911112911...112911} in the body will cr
daemon@ATHENA.MIT.EDU (Eric D. Williams)
Fri Feb 25 20:00:44 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <01BF7F8D.D9EA4AF0.eric@infobro.com>
Date: Fri, 25 Feb 2000 12:42:32 -0500
Reply-To: "Eric D. Williams" <eric@INFOBRO.COM>
From: "Eric D. Williams" <eric@INFOBRO.COM>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Problems also noted with Outlook 97 - version info: 8.04.5619
Windows NT Server - sp 6a
Eric
Eric Williams, Pres.
Information Brokers, Inc. Phone: +1 202.889.4395
http://www.infobro.com/ Fax: +1 202.889.4396
mailto:eric@infobro.com Pager: +1 301.303.8998
For More Info: info@infobro.com
PGP Public Key
http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF 7B19 0544 A590 FF65 B789
On Thursday, February 24, 2000 2:10 AM, Dawes, Rogan (ZA - JNB)
[SMTP:rdawes@DELOITTE.CO.ZA] wrote:
> And having it in the subject causes funnies with the full outlook
2000
> client as well.
>
> I was scrolling through the bugtraq messages, and noted that this
> message(call it #2) had the same subject that the previous
message(#1) did,
> although the window title had been updated appropriately. Moving on
to the
> next message (#3), and going back again left me with the subject
from
> message #3 showing on the subject line.
>
> It may be possible to overflow Outlook itself by including a
carefully
> crafted subject line.
>
> Outlook version 9.0.0.2711 on NT 4 SP5
>
> Rogan
>
> > -----Original Message-----
> > From: Indeera [mailto:indeera_@HOTMAIL.COM]
> > Sent: Wednesday, February 23, 2000 11:49 PM
> > To: BUGTRAQ@SECURITYFOCUS.COM
> > Subject: {\rtf\a112911112911112911112911...112911} in the body
will
> > crash OE5 clients.
> >
> >
> > This was tested by sending a message having the above string
> > in the body
> > from hotmail to OE5 client version 5.50.3825.400 on NT4
> > server sp6. first
> > experianced while trying to open the message sent by Pauli
> > Ojanpera subject
> > reading 'riched32.dll buffer overflow'. Might not work in other
OE5
> > versions. Just thought some one might be interested in this.
> > cheers
> > ind
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> >
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.5 for non-commercial use <http://www.nai.com>
iQA/AwUBOLa/AAVEpZD/ZbeJEQLyEACdGHrrYuTFx+tIyLA0vxBfWLE5p+QAoJYR
KndkyUGH2fQ+RpAP/rZErLwo
=z6dl
-----END PGP SIGNATURE-----
