Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Posting from Analysys on MS Outlook Buffer Exploit

From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Wed, 2 Aug 2000 15:05:03 -0700
----- Forwarded message from Jim Warwick <jim.warwick () analysys com> -----

Message-ID: <011b01bff870$5f658ea0$1001010a () analysys co uk>
From: "Jim Warwick" <jim.warwick () analysys com>
To: <aleph1 () securityfocus com>
Subject: Posting from Analysys on MS Outlook Buffer Exploit
Date: Fri, 28 Jul 2000 09:46:50 +0100
Organization: Analysys Ltd
X-Mailer: Microsoft Outlook Express 5.00.2919.6600

Elias,

could you post the following as our official company response to Chris Paget's contribution on the MS Outlook Email 
buffer overflow exploits.

Thanks

Jim Warwick

=====================================
I would like to make a response to this thread as Chris Paget's employer.

We were surprised to see that Chris had posted a message suggesting the implementation of an "Antibody" program 
(designed to propogate patches and security fixes via MS Outlook) which has all the characteristics of a virus.

This is a matter we take seriously, for several reasons.  Chris's original posting with the "Antibody" idea was not 
thought through - he had not taken account of the potential harm that such a program could and would cause the 
community.  Also, the views he expressed were entirely his own, and the association of his personal views with our 
company is highly misleading - Analysys is undertaking no work in this field.

We have talked with Chris about this, and he appreciates the mistakes of posting the original message.  We are certain 
that this incident results from Chris's over enthusiasm for the idea he had for the "Antibody" program, rather than any 
malicious intent on his part.

We have also made it clear that Chris should not develop any version of an "Antibody" or derivative program (whether 
friendly or not).

I hope this will reassure the respondents to Chris's original posting.

Regards

Jim Warwick
Technical Director, Analysys Ltd


----- End forwarded message -----

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Previous By Date Next
Previous By Thread Next

Current thread: