[15846] in bugtraq
Re: Buffer Overflow in MS Outlook Email Clients
daemon@ATHENA.MIT.EDU (bednar@RAK.ISTERNET.SK)
Tue Jul 18 22:43:27 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="2fHTh5uZTiUOsy+g"
Message-Id: <200007182123.XAA03001@rak.isternet.sk>
Date: Tue, 18 Jul 2000 23:23:57 +0200
Reply-To: bednar@RAK.ISTERNET.SK
From: bednar@RAK.ISTERNET.SK
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200007180825.SAA29093@rip.rip.org>; from ripper@HOTKEY.NET.AU on
Wed, Jul 19, 2000 at 08:02:27PM +1000
Hello,
> The bug lies in the shared library INETCOMM.DLL and has been successfully
> exploited on Windows 95, 98 and NT with both Outlook and Outlook Express.
Yes, so what is interesting:
PGPMSIMN caused an invalid page fault in
module INETCOMM.DLL at 0137:5ec076c2.
Registers:
EAX=0000016a CS=0137 EIP=5ec076c2 EFLGS=00010293
EBX=70bd19da SS=013f ESP=00e1cc44 EBP=00e1cd3c
ECX=00000000 DS=013f ESI=3243eae2 FS=330f
EDX=0000016b ES=013f EDI=59ab5ec0 GS=0000
Bytes at CS:EIP:
89 0e 89 0f 75 3a 83 f8 05 0f 87 ac b3 02 00 48
Stack dump:
00471348 00e1cd86 70bd19da 65f014db 00400000 bff798cf 81612318 00000000
5ec030e6 00452bac 0045264c 00e1d008 00e1d00c 00000472 00000e10 00471344
Yes, even PGP plugin for MSIE (for what else too???) is vulnerable. Trying to build
a secure system using insecure components (e.g. Windows).
Juraj.