Vulnerability Development mailing list archives
oulook resource exhaustion
From: Strumpf Noir Society <vuln-dev () labs secureance com>
Date: Sat, 12 Jan 2002 09:55:24 +0100
Hi, While trying to "persuade" a web mail application in logging me in, I came across a lil' resource exhaustion "attack" against MS Outlook 98. Unfortunately, the test system was running Win95 as well and due to http://support.microsoft.com/default.aspx?scid=%2Fsupport%2Fsupportnet%2Fsuppobsolescence%2Easp neither product is eligble for patches etc anyways. I was wondering wether anyone could help me compile some more versioning info on this to see wether it works on more recent installs as well? Attached is a malformed message file. If it is unzipped to a directory and renamed from .xxx to .msg it will cause Explorer.exe and/or Outlook to start consuming system resources by either viewing it or its directory. (I would not advice putting it in a system dir) The test system was running MS Outlook 98 (8.5.6204.0) with the MSIE 4.72.3612.1713 (SP2) (it worked on a similar setup with MSIE 5.00.3105.0106 (SP1) as well). Any known patches etc for this? Thanks, X. Teunissen -- Best regards, Strumpf Noir Society mailto:vuln-dev () labs secureance com "Mere accumulation of observational evidence is not proof." -- Death, "The Hogfather"
Attachment:
Untitl~1.zip
Description:
Current thread:
- oulook resource exhaustion Strumpf Noir Society (Jan 12)
- <Possible follow-ups>
- Re: oulook resource exhaustion Strumpf Noir Society (Jan 12)