Vulnerability Development mailing list archives
Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters
From: Gerrie <gerrie () HIT2000 ORG>
Date: Mon, 19 Mar 2001 05:12:32 -0000
By accident I discovered a input validation error. In the usenet group alt.hack.nl there is a posting which has 256 characters in the subject field, with my default outlook newsreader he showed that the posting has a file attached, and the body is empty, if you open the attachment, the text of the body appears. With another newsreader, he shows the long subject field, and the posting whitin the body -just as usual-. Vulnerable: Windows 98SE with Outlook X-Newsreader: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Non-Vulnerable: HP-UX 10.20 X-Newsreader: Microsoft Outlook Express Unix 5.00.2013.1312 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2013.1312 gtx, Gerrie www.hit2000.nl
Current thread:
- Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters Gerrie (Mar 18)
- Re: Unchecked buffer in Outlook Newsreader: subject field overflows at 256 characters Allard Hoeve (Mar 20)
- Re: Unchecked buffer in Outlook Newsreader, Re: Local Bufferoverflow in OutlookExpress Kevin van der Raad (Mar 22)