Vulnerability Development mailing list archives

Re: Fix for MS Outlook Vulnerability - shortcut?


From: James Stevenson <mistral () stevenson zetnet co uk>
Date: Sun, 23 Jul 2000 01:57:30 GMT

Hi

It's not always that simple with overflows
all data must not be relied on because it overwrites memory
so you will not know if the data is true or that is even when the
problem exists

eg
program does this


runs
getmail from server <-- this is where outlook crashes
does not crash (yep)
read headers (overflow)
do something else
try to do something with mail (oops)
pointers etc.. will be in the wrong place now or something like that because they
have been overwritten
programs crashed
display crash notice none of which may be true
try making the date header even bigger see if you can get data to appear in the stack
etc.. this is how to exploit buffer overflows

cya
        James

In local.vuln-dev, you wrote:
Hi,

Can anyone tell me whether the inetcomm.dll problem can be fixed simply by replacing the DLL? If
 so, why has Microsoft not made the files available individually, instead of as part of a complete
 version upgrade?

If the problem can be addressed by replacing the DLL, would anyone be interested in helping to
 compile a list of the DLLs for the various MS flavours (95, 98, NT & 2000), or is the same DLL
 always used?

Thanks and Regards

Charl

===========================================================================
charl van der walt             +27 83 454 4203         SensePost (Pty) Ltd
===========================================================================

PS We have something of a bandwidth restriction here in the 3rd world so if the hole can be
 plugged without having to download MEGS of data from the USA that would be nice :)



--
---------------------------------------------
Check Out: http://www.users.zetnet.co.uk/james/
E-Mail: mistral () stevenson zetnet co uk
  1:50am  up 5 days, 12:11,  6 users,  load average: 0.06, 0.40, 0.54
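
The delayed failure described in the message above, as an added example that is not part of the original thread: an unchecked header copy succeeds, and the damage only shows up when a later stage uses a neighbouring field, while a length check stops it at the read. The struct, function names and sample header value are hypothetical, and the unchecked copy is clamped to the struct so the demonstration stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parser state: the header buffer sits next to a field used later. */
struct mail_state {
    char   date[16];   /* Date header value is copied here */
    size_t body_len;   /* consulted much later, when the mail is processed */
};

/* Constructed sample: a Date value longer than the 16-byte buffer. */
static const char LONG_DATE[] = "Sun, 23 Jul 2000 01:57:30 GMT";

/* Models the unchecked copy. Bytes past date[] land in body_len; the write is
   clamped to the struct's own storage so this demo never leaves the object. */
static void read_header_unchecked(struct mail_state *st, const char *val) {
    size_t n = strlen(val) + 1;
    size_t room = sizeof *st - offsetof(struct mail_state, date);
    if (n > room) n = room;
    memcpy((unsigned char *)st + offsetof(struct mail_state, date), val, n);
}

/* Hardened copy: rejects an over-long value where it is read. */
static int read_header_checked(struct mail_state *st, const char *val) {
    size_t n = strlen(val);
    if (n >= sizeof st->date) return -1;
    memcpy(st->date, val, n + 1);
    return 0;
}

/* Later stage: this is where the corruption is finally noticed. */
static int use_mail(const struct mail_state *st, size_t expected_len) {
    return st->body_len == expected_len ? 0 : -1;
}

int demo_unchecked(void) {            /* read "works", later use fails */
    struct mail_state st = { "", 128 };
    read_header_unchecked(&st, LONG_DATE);
    return use_mail(&st, 128);
}

int demo_checked(void) {              /* 1 = rejected early, state intact */
    struct mail_state st = { "", 128 };
    int rc = read_header_checked(&st, LONG_DATE);
    return rc == -1 && use_mail(&st, 128) == 0;
}

int main(void) {
    printf("unchecked: later use returns %d\n", demo_unchecked());
    printf("checked: rejected early = %d\n", demo_checked());
    return 0;
}
```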

