Date: 26 February 2001
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.080 -- Microsoft Security Bulletin MS01-012
Outlook, Outlook Express Vcard Handler Contains Unchecked Buffer
26 February 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Outlook 98
Outlook 2000
Outlook Express 5.01
Outlook Express 5.5
Vendor: Microsoft
Impact: Denial of Service
Execute Arbitrary Code/Commands
Access Required: Remote
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
- - ----------------------------------------------------------------------
Title: Outlook, Outlook Express Vcard Handler Contains
Unchecked Buffer
Date: 22 February 2001
Software: Outlook, Outlook Express
Impact: Run code of attacker's choice
Bulletin: MS01-012
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-012.asp.
- - ----------------------------------------------------------------------
Issue:
======
Outlook Express provides several components that are used both by it
and Outlook, if Outlook is installed on the machine. One such
component, used to process vCards, contains an unchecked buffer.
By creating a vCard and editing it to contain specially chosen data,
then sending it to another user, an attacker could cause either of
two effects to occur if the recipient opened it. In the less serious
case, the attacker could cause the mail client to fail. If this
happened, the recipient could resume normal operation by restarting
the mail client and deleting the offending mail. In the more serious
case, the attacker could cause the mail client to run code of her
choice on the user's machine. Such code could take any desired
action, limited only by the permissions of the recipient on the
machine.
Because the component that contains the flaw ships as part of OE,
which itself ships as part of IE, the patch is specified in terms of
the version of IE rather than OE or Outlook.
Mitigating Factors:
====================
- There is no means by which a Vcard could be made to open
automatically.
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-012.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Ollie Whitehouse of @Stake (www.atstake.com)
- - ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.
- -----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBOpXajo0ZSRQxA/UrAQHE/wf/UAy7GXCnezaGbWOjxjpgK5vuhCs/e37J
3hfsPFLqtxMqA/1L0OtnkhSlGIjIciwkCD0A7Uq6wFp+deA/Squ+zCrucZHGwBGr
Czw/7+W7lZ7FzZBF2jbs6ZNjyM3jyYE8TalsMlOFO3SXwXdX1j/PEeJ3jC5dnYuj
d1mjvCMGjdhFSFm0zcOVPhOPci4AXjGNSah5tJIu2u5gzCnfCh7DEurMajr5cjnY
qLq6tMEwgninJJNIxSjl6p5v9Va0rlZ+du6SDfYoSgC2cXgxWe7uo9qFrkzxK9ER
BzVhwe37jOp21P6qkCB5Rbymvrbr3748SHcoBMTXHZ1M0WZFe92oXg==
=2/Vm
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOppuMSh9+71yA2DNAQHoqQQAlwOXwUooGc9whYEFFxp29DwU337KfktS
LQIgzN41GVmKhhY/DfEzCs9ZtNtWScw4cPgygskTl56CIEGOQkSGEyPxViPRpYNm
8/Tsp3LuMSA/FuUAPbWkpCYdpi4lsSJ1Zn1gU9TtTYG/7/q5BRNYSkhoAJ3yhwUG
7mnVPHDITy4=
=4p6V
-----END PGP SIGNATURE-----
|