Re: Possible Buffer OverFlow in OutLook Express 5

["Stanley G. Bubrouski" <stan () ccs neu edu>]

Well from your description and the crash info it doesn't look like a
buffer overflow of any sort, but I'll look into it just the same, since
I've never had the horror of looking at Outlook up closely (I mostly stick
to Unix, I like gdb.)

-Stan

--
Stan Bubrouski                                       stan () ccs neu edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284


On Tue, 7 Aug 2001, Nabil Ouchn/Operations/TrustVision wrote:

> I've posted this message long time ago and received some confirmation it
> works...
>
> The description is :
>
> Recently I was playing with OutLook Express 5... and decided to create a
> rule in order to test black list blocking.
>
> I create a rule with these conditions
> 1 -  The line "FROM" contains : <sentto>
> 2 - When the message body contains the word : <sentto>
> 3- The line "TO" contains : <sentto>
>
> The action when all these conditions are satisfied is :
> Do not download file from Server
>
>
>
>
> I then restarted Outlook....but when I began to receive mails...Outlook
> hangs...and give this :
>
> MSIMN a caus? une d?faillance de page dans
>  le module MSOE.DLL ? 0167:7a0e58a0.
> Registres :
> EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246
> EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614
> ECX=00001000 DS=016f ESI=00455ab4 FS=46e7
> EDX=00add568 ES=016f EDI=00000000 GS=0000
> Octets ? CS : EIP :
> 8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff
> ?tat de la pile :
> 00000000 00000000
> 00add984 00455ab4
> 004609c0 00000000
> 00000000 00000000
> 00000000 00000000
> 00000000 00000000
> 00000000 0046d470
> 00000000 00000000
>
> And some times got a bluescreen !
>
> fix : When I removed the rule....everything worked well !!!! ???
>
> Can you reproduce this bug and confirm what I write here..
>
> Thank you a lot
> Nabil Ouchn
> Security Consultant at TrustVision/NET2S