Vulnerability Development mailing list archives

BUGLOOK: Outlook Express 6.00 + MS Exchange Server version 5.5


From: "http-equiv () excite com" <http-equiv () excite com>
Date: Wed, 5 Dec 2001 17:25:15 -0800 (PST)

Apparently not suitable for prime-time it seems. Forwarding mail could
definitely be a cause for concern.

In any event for the records:

Sunday, December 02, 2001 

There is a peculiar [and annoying] incestual behaviour between Outlook
Express 6.00 and Microsoft Internet Exchange Server 5.5 [specifically
MSExchange Server version 5.5.2653.12]. What happens is your 'friend' at
his corporation, not knowing much about MUAs, continually sends you emails
with Outlook's default Mail Send setting of HTML. You receive the mail
message, hit reply, and as a courtesy, under format, select plain text and
fire away.

For some odd reason, Outlook Express couples the original subject in
the received mail message to your first sentence in your reply:

Subject: Let's Go Get Stoned 

Reply with your first sentence: 

Let's Go Get Stonedyou sure? 

These are default settings for both Outlook Express 6.00 ['reply to message
using the format in which they were sent'] and both Outlook and
Outlook Express 'send' is set to HTML format out of the box.

While it is annoying, the implications are that many if not most CEOs of
bloatedcorp.com make it a habit of addressing staff and writing their entire
message in the subject field of the mail messages. Forwarding or replying
to such a mail, regardless of changing the subject field, results in the
original subject field being coupled to the first sentence in the outgoing
mail message.

Working Example: 

1. Ensure your Outlook Express 6 is set at default i.e. 'reply to message
using the format in which they were sent' 
2. Hit reply or forward, select FORMAT::PLAIN TEXT. Include some text in the
reply or forward, and change the original subject.
3. Send or Work Off-Line and check the message in the outbox. The original
subject field will be attached to your first sentence ready for
transmission. 

http://www.malware.com/buglook.zip 

Notes: none 

End Call 

--- 
http://www.malware.com 
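
The coupling described in the message above can be checked for on the sending side before a reply or forward leaves the outbox. The following is an added example, not part of the original post: the function names and the sample messages are constructed for illustration, and it assumes both the received message and the outgoing one are available as raw RFC 822 text.

```python
import re
from email import message_from_string

# Strip any run of Re:/Fw:/Fwd: prefixes before comparing subjects.
PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def norm(text):
    """Collapse whitespace and case so comparisons ignore formatting."""
    return " ".join((text or "").split()).casefold()

def first_text_line(msg):
    """Return the first non-empty line of the first text/plain part."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            for line in text.splitlines():
                if line.strip():
                    return line.strip()
    return ""

def check_reply(original_raw, outgoing_raw):
    """Flag an outgoing reply/forward whose body starts with the old subject."""
    original = message_from_string(original_raw)
    outgoing = message_from_string(outgoing_raw)
    old = norm(PREFIX.sub("", original["Subject"] or ""))
    new = norm(PREFIX.sub("", outgoing["Subject"] or ""))
    first = norm(first_text_line(outgoing))
    return {
        "subject_changed": new != old,
        "old_subject_in_body": bool(old) and first.startswith(old),
    }

# Constructed sample messages (not taken from the post).
ORIGINAL = ("From: boss@example.com\nTo: me@example.com\n"
            "Subject: Budget freeze starts Monday keep it quiet\n\n"
            "(no body)\n")
LEAKY = ("From: me@example.com\nTo: friend@example.org\n"
         "Subject: Fw: lunch on Friday?\n\n"
         "Budget freeze starts Monday keep it quietAre you free at noon?\n")
CLEAN = ("From: me@example.com\nTo: friend@example.org\n"
         "Subject: Fw: lunch on Friday?\n\n"
         "Are you free at noon?\n")

if __name__ == "__main__":
    print(check_reply(ORIGINAL, LEAKY))
    print(check_reply(ORIGINAL, CLEAN))
```

A message for which both values are true is the case the post warns about: the sender changed the subject, yet the original subject text still leaves with the mail.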





