[19358] in bugtraq
Re: Microsoft Security Bulletin MS01-012
daemon@ATHENA.MIT.EDU (joelmoses@mindspring.com)
Mon Feb 26 14:59:06 2001
Message-ID: <Springmail.105.982963826.0.29339800@www.springmail.com>
Date: Fri, 23 Feb 2001 16:30:26 -0500
Reply-To: joelmoses@mindspring.com
From: joelmoses@mindspring.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think it's worth noting that CVE#CAN-2000-0756 (a problem I
reported to both Bugtraq and Microsoft in August 2000) is a duplicate
of this particular bug, but also includes extra details about vCard
infotypes.
It's worth noting that the field exploited by @stake is the BDAY:
field, and the EMAIL: field is also potentially vulnerable. Several
other fields, including:
- - name:
- - nickname:
- - fn:
- - title:
- - title;language=de;value=text:
- - tel:
- - tel;<label>:
- - tel;<label>,<label>:
can also be used to drive OUTLOOK.EXE to utilize nearly all of the
CPU when given input beyond allocated buffer space.
I don't have the slightest idea why it took this long for the issue
to come to a patch resolution by Microsoft, other than to say their
ideas about disclosure don't necessarily match mine. And that's to
say nothing about @stake not crediting me... but that's water under
the bridge, now isn't it? :>
Joel Moses, CISSP
Nashville, TN
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
iQA/AwUBOpbWbWqHKmLSRN7cEQLVRACfbjLKgLLFOaUMU0X5X2Y2y282LGMAoJMR
u4AA55iK70YNwOcxzrJgyo1S
=xEIj
-----END PGP SIGNATURE-----
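
Added example, not part of the original post and not Microsoft's or @stake's code: a gateway-style check that parses a vCard and flags over-long values in the fields the message lists. The 256-character limit and both sample cards are assumptions constructed for illustration; the post does not state a buffer size.

```python
# Property names as listed in the message above, lower-cased for comparison.
WATCHED = {"bday", "email", "name", "nickname", "fn", "title", "tel"}
MAX_VALUE_LEN = 256  # assumed policy threshold; the post gives no buffer size

def unfold(text):
    """Join vCard continuation lines (a line starting with space or tab)."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines

def split_property(line):
    """Return (name, params, value) for 'NAME;PARAM=..:value', or None."""
    head, sep, value = line.partition(":")
    if not sep:
        return None
    name, *params = head.split(";")
    # Drop an optional group prefix such as 'item1.' before the name.
    return name.rsplit(".", 1)[-1].strip().lower(), params, value

def oversized_fields(vcard_text, limit=MAX_VALUE_LEN):
    """List (property, value_length) for watched fields longer than limit."""
    findings = []
    for line in unfold(vcard_text):
        parsed = split_property(line)
        if parsed is None:
            continue
        name, _params, value = parsed
        if name in WATCHED and len(value) > limit:
            findings.append((name, len(value)))
    return findings

# Constructed samples: a benign card, and one whose BDAY and folded TEL
# values exceed the assumed limit.
BENIGN = ("BEGIN:VCARD\nVERSION:2.1\nFN:Test User\n"
          "TEL;WORK,VOICE:555-0100\nBDAY:19700101\nEND:VCARD\n")
SUSPECT = ("BEGIN:VCARD\nVERSION:2.1\nFN:Test User\n"
           "BDAY:" + "1" * 300 + "\n"
           "TEL;HOME:" + "5" * 200 + "\n " + "5" * 200 + "\n"
           "TITLE;LANGUAGE=de;VALUE=text:Ingenieur\nEND:VCARD\n")

if __name__ == "__main__":
    print(oversized_fields(BENIGN))
    print(oversized_fields(SUSPECT))
```

Unfolding runs before the length check so that a long value split across continuation lines is measured as one value.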