Vulnerability Development mailing list archives

Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters

From: Gerrie <gerrie () HIT2000 ORG>
Date: Mon, 19 Mar 2001 05:12:32 -0000

By accident I discovered a input validation error.

In the usenet group alt.hack.nl there is a posting which has 256 characters
in the subject field, with my default outlook newsreader he showed that the
posting has a file attached, and the body is empty, if you open the
attachment, the text of the body appears.

With another newsreader, he shows the long subject field, and the posting
whitin the body -just as usual-.

Vulnerable:
Windows 98SE with Outlook
X-Newsreader: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400

Non-Vulnerable:
HP-UX 10.20
X-Newsreader: Microsoft Outlook Express Unix 5.00.2013.1312
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2013.1312

gtx,
Gerrie
www.hit2000.nl

Current thread:

Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters Gerrie (Mar 18)
- Re: Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters Allard Hoeve (Mar 20)
- Re: Unchecked buffer in Outlook Newsreader, Re: Local Bufferoverflow in OutlookExpress Kevin van der Raad (Mar 22)