[Full-Disclosure] Outlook Express Remote Code Execution in Preview Pane (S/MIME)

From: David Vincent (david.vincent@mightyoaks.com)
Date: 10/11/02


From: david.vincent@mightyoaks.com (David Vincent)
Date: Thu, 10 Oct 2002 23:21:05 -0700


>Nevertheless, there is still something bothering me: if you look at the IE 6
>SP1 fix list (linked from
>http://support.microsoft.com/default.aspx?scid=kb;en-us;Q326489), there is
>absolutely no reference to this problem.
>
>So, Microsoft addressed a critical problem in the service pack, but decided
>to keep silent about it until now.
>
>I wonder what else has been hidden.

i've been wondering the same thing. they also rolled a remote desktop fix
into xp sp1 and later released a patch for w2k and xp.

lesee... remember this?

-----

Title: Cryptographic Flaw in RDP Protocol can Lead to
            Information Disclosure (Q324380)
Released: 18 September 2002
Software: Microsoft Windows 2000
            Microsoft Windows XP
Impact: Two vulnerabilities: information disclosure, denial of
            service
Max Risk: Moderate
Bulletin: MS02-051

-----

and then...

-----

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-051.asp

Additional information about this patch
Installation platforms:

The patch for Windows 2000 can be installed on systems running Windows 2000
Service Pack 2 or Windows 2000 Service Pack 3.
The patch for Windows XP can be installed on systems running Windows XP
Gold.
Inclusion in future service packs:

The fix for this issue will be included in Windows 2000 Service Pack 4.
The fix for this issue is included in Windows XP Service Pack 1.

-----

-d


