Bugtraq mailing list archives
Re: One of the Outlook overflows
From: prj () NLS NET (Phillip R. Jaenke)
Date: Wed, 29 Jul 1998 23:26:22 -0400
On Wed, 29 Jul 1998, Ryan Veety wrote:
There have been a few posts about overflows in MS Outlook, but they have not told exactly where in the message the overflow exists. I have found one of them, within the description of an attachment. If the filename given is very large, it makes Outlook crash. I tried this on Outlook v4.72.2106.4 on NT 4.0, and on win95. In both cases it reported an error at address 0x41414141 (41 == hex A). Here is the message that caused the errors:
Also confirmed to break popclient, presumably fetchpop. They apparently parse the headers completely when writing to a file (-o option). Basically, popclient/fetchpop, when outputting, parse ALL headers. No matter WHERE they are. Example; From: Bob Dobbs <thealmighty () subgenius com> To: popclient luser <luser () pop luser com> Subject: haha. lalalalaaaa... alalalalaaa RandomHeader: AAAAAAAAAAAAAAA<etc, etc> popclient/fetchpop will parse this incorrectly, resulting in an attempt to delete a message which does not exit. popclient will then segfault. Pine appears to have no problems with headers in messages tho. --Phillip R. Jaenke (prj () nls net - InterNIC: PRJ5) TheGuyInCharge(tm), Ketyra Designs, Inc. "That's IT! I'm gonna slap Dr.Watson with a malpractice suit!!" --Keihra ObBob! KHpB lWulH EO m23 C(PEW) B-18 OlO LM(p) ScjnM T++ A9! H8oc b123 D+ ! I reserve the right to bill spammers for my time and disk space !
Current thread:
- One of the Outlook overflows Ryan Veety (Jul 29)
- Re: One of the Outlook overflows Phillip R. Jaenke (Jul 29)