Vulnerability Development mailing list archives
Local Overflow Vulnerability in MS Outlook 2000....right or wrong, donno :-)
From: dgr8hunt <dhruv_ymca () yahoo com>
Date: Tue, 7 Jun 2005 06:21:49 -0700 (PDT)
heya,

Last night I thought to play a bit with Outlook, so I started flooding the To: field in Outlook 2000. It can take up to a max of 62000 alphabets as input, and when I tried with only around 30000 alphabets it was crashing the box. I thought it was some machine-specific problem, so I tried the same mechanism on different OSes (XP, 2000) running MS Outlook 2000 on different machines, and every time it depicted the same behaviour....ha! The machine froze!

Though I couldn't spend much time on this, if it's really some sort of overflow attack then it may be used for privilege escalation kind of stuff. I am not even sure what the hell it was and how it was happening. I tried to play with ollydbg and read the dmp/sysdata.xml file of Windows when the crash happened, but couldn't move ahead with further analysis or write a POC....

If anyone else has patience and time then grab the bait and the vulnerability is all yours :) and do send me POC :)....lol...

N'Joy
-Dhruv