Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

UPDATE was RE: [NT] Microsoft Multiple E-Mail Client AddressSpoofing Vulnerability

From: "Randall M" <randallm () fidmail com>
Date: Mon, 11 Apr 2005 02:43:09 -0500


:-----Original Message-----
:From: full-disclosure-bounces () lists grok org uk 
:[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
:Of Randall M
:Sent: Sunday, April 10, 2005 7:43 PM
:To: 'SecuriTeam'; full-disclosure () lists grok org uk
:Subject: [Full-disclosure] RE: [NT] Microsoft Multiple E-Mail 
:Client AddressSpoofing Vulnerability
:
:
:Overall finding: No spoofing is of concern with POP3 account 
:or Exchange 2000 using Outlook 2003 since "reply" or "reply to 
:all" will only go to the spoof address (used for social 
:engineering) and not the default sender address (the one 
:attempting to use social engineering). Thus social engineering 
:attempts will not work.
:
<SNIP>
____________________________________


I would like to add though a concern. Even though a reply cannot
lead to gaining inside information because the "replying" will only
go to the spoofed address, a "Spoofing" of the sender
can be used to encourage clicking on a link intended to be
harmful. And as it was pointed out that care should be followed,
if the email is viewed with preview pane it is not apparent that
the sender spoofed his address. If my boss sends an email and says
"I want you to read this" I usually don't question the "sender" or
think it to be spoofed. This then brings in to question the rights
of "Send on behalf" that seems to be by passed on Exchange Server.


Thank You
RandallM


__________________________________________________________________-
:-----Original Message-----
:From: SecuriTeam [mailto:support () securiteam com] 
:Sent: Sunday, April 10, 2005 10:50 AM
:To: list () securiteam com
:Subject: [NT] Microsoft Multiple E-Mail Client Address 
:Spoofing Vulnerability
:
<SNIP>-----------------------
:---------
:
:
:SUMMARY
:
: <http://www.microsoft.com/outlook/> Microsoft Outlook 
:provides an integrated solution for managing and organizing 
:e-mail messages, schedules, tasks, notes, contacts, and other 
:information. Remote exploitation of an address spoofing 
:vulnerability in various Microsoft Corp. e-mail clients could 
:allow attackers to social engineer sensitive information from 
:end users.

<SNIP>
______________________________________


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: