Bugtraq mailing list archives

Re: {\rtf\a112911112911112911112911...112911} in the body will cr ash OE5 clients.

From: rdawes () DELOITTE CO ZA (Dawes, Rogan (ZA - JNB))
Date: Thu, 24 Feb 2000 09:09:37 +0200


And having it in the subject causes funnies with the full outlook 2000
client as well.

I was scrolling through the bugtraq messages, and noted that this
message(call it #2) had the same subject that the previous message(#1) did,
although the window title had been updated appropriately. Moving on to the
next message (#3), and going back again left me with the subject from
message #3 showing on the subject line.

It may be possible to overflow Outlook itself by including a carefully
crafted subject line.

Outlook version 9.0.0.2711 on NT 4 SP5

Rogan

-----Original Message-----
From: Indeera [mailto:indeera_ () HOTMAIL COM]
Sent: Wednesday, February 23, 2000 11:49 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: {\rtf\a112911112911112911112911...112911} in the body will
crash OE5 clients.

This was tested by sending a message having the above string
in the body
from hotmail to OE5 client version 5.50.3825.400 on NT4
server  sp6. first
experianced while trying to open the message sent by Pauli
Ojanpera subject
reading 'riched32.dll buffer overflow'. Might not work in other OE5
versions.  Just thought some one might be interested in this.
cheers
ind
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

Re: {\rtf\a112911112911112911112911...112911} in the body will cr ash OE5 clients. Dawes, Rogan (ZA - JNB) (Feb 23)
- <Possible follow-ups>
- Re: {\rtf\a112911112911112911112911...112911} in the body will cr ash OE5 clients. Eric D. Williams (Feb 25)