Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Outlook (Express) bug..

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 9 Jun 2000 21:57:16 -0700

Summary of messages in this thread.

Steve Wolfe <steve () iboats com>:

I tried to recreate this on our mail server, and Outlook didn't complain
at all.  Here's the config:
mail server:  qmail                                                             POP server:  qmail-pop3d                
                                        message delivery format:  qmail's "Maildir" format                              
MUA:   Outlook Express 5.0
So... it sounds like the discrepency could be from the version of
Outlook, or even (possibly) from the POP/IMAP server.  Interesting...

Travis Ogdon <togdon () easystreet com>:

This is also true for all messages with the following invalid headers:

Return-Path: <>
From: <>

Whenever we see SPAM like this coming in we must actually remove it from
our users mailboxes in order for them to check their mail. I believe
that the bug exists in Outlook97 as well, and may actually be fixed in
more recent versions of Outlook Express. Outlook97 always seems to be
our biggest problem.

Matthew J. Brown <mb () skypoint com>:

I just tried it on Outlook 97 8.02.4212, and it actually crashed
Outlook.  I'm going to assume that the customers who are having trouble
with this are using a version in that same era..

Tillman <tillman () hodgsonhouse com>:

I was unable to confirm this vulnerability.
The version of Outlook Express tested was 5.002314.1300. Bringing up the
properties for the email in Outlook Express confirmed that it saw a blank bcc:
and reply-to: line. It was, however, able to successfully receive email after
having received this email.

Nick FitzGerald <nick () virus-l demon co uk>:

I tried it here against a Win32 POP3 server on the local test
network and Outlook 98 (8.5.5104.6 according to Help/About) and OE
5.0 (5.00.2314.1300).  Both mail clients happily snarfed all messages
with blank Reply-to: and/or BCC: headers.

Vyacheslav O. Myskin <mvo () sinor ru>:

Everything works fine with this message. Outlook Express
4.72.3612.1700 , Windows 98, Cyrus IMAP/pop3 1.5.19.

Andreas Lund <floyd () atc no>:

When something is unbelieveable, it's usually because one has missed
something. Lots and lots of auto-generated email from web-based services
etc. leave these fields blank, and in my experience OE is fully capable of
downloading those messages just like any others. (Sorry... ;-)
What kind of mail server are we talking about here? Have you tried using a
different one?

Matthew J. Brown <mb () skypoint com>:

I'm using Sendmail, so I have a hard time believing that that is the cause
of this.  I have been talking to a few other ISP's around the country, and
they too have had this problem.  None of our software is exactly the same
though.  Granted, most of them are running sendmail, but the pop3 servers
vary.  I've recently found out that Exchange may also be vulnerable to
this.  I'm going to look into that a bit more today.  So far, we've
discovered that 5.x does not appear to be vulnerable, however the 8.x
build is a different story.

I've tried it on 8.02.4212, and it crashes when it recieves that type of
e-mail.  Also, thanks to Travis Ogdon (togdon () easystreet com), we've found
out that "Return-Path:" and "From:" being null will also cause this
problem.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Previous By Date Next
Previous By Thread Next

Current thread: