OUTLOOK 2003: OuchLook
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 05/19/04
- Previous message: http-equiv_at_excite.com: "PING: Outlook 2003 Spam"
Date: Tue, 18 May 2004 19:23:26 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
-----Original Message-----
From: http-equiv@excite.com [mailto:1@malware.com]
Sent: Tuesday, May 18, 2004 4:23 PM
To: NTBugtraq@listserv.ntbugtraq.com
Cc: Russ Cooper
Subject: OUTLOOK 2003: OuchLook
Sunday, May 09, 2004
Outlook 2003, the premier mail client from the company
called 'Microsoft', certainly appears to have a lot of security
features built into it. Cursory examination shows excellent
thought into 'spam' containment, 'security' consideration and
many other little 'things'.
However, there is a fundamental flaw with this particular device.
That is, it copies our arbitrary file with a given name into a
known and easily reachable location:
<img src="malware.htm" style="display:none">
when embedded into the body of a mail message and when the
recipient replies, will copy itself into the temp folder:
C:\Documents and Settings\<user name>\Local Settings\Temp\malware.htm
This location can be quite easily reached without having to know
the user name [courtesy of jelmer]:
<a href="shell:user profile\local settings\temp\malware.htm">http://office.microsoft.com/</a>
The scenario is 'painstakingly' trivial. Send your cohort at
the office an email that requires a reply. Embed in it an html
file out of sight. Either send them a second message with any
number of 'spoofed' url schemes pointing to the file in the
temp, or direct them to a web site which will reach into the
temp folder via the same url and install and run our malicious
software.
Very Silly Design Error.
End Call
-- http://www.malware.com
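As an added example that is not part of the original post (names and the sample body are assumed/constructed), this mail-gateway check flags the two markers the post describes in an HTML body: an <img> whose source is a local file rather than a URL (hidden or not), and links that use the shell: scheme or whose visible URL text points somewhere other than the real href.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class MailHtmlScanner(HTMLParser):
    """Collects (kind, value) findings for the patterns described in the post."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None      # href of the <a> currently open, if any
        self._text = []        # visible text collected inside that <a>

    @staticmethod
    def _is_local(ref):
        # No scheme, file:, or a one-letter (drive) scheme means a local file.
        scheme = urlsplit(ref).scheme.lower()
        return scheme in ("", "file") or len(scheme) == 1

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and self._is_local(a.get("src", "").strip()):
            style = a.get("style", "").replace(" ", "").lower()
            hidden = "display:none" in style or "visibility:hidden" in style
            self.findings.append(("hidden-local-img" if hidden else "local-img",
                                  a["src"].strip()))
        elif tag == "a":
            self._href, self._text = a.get("href", "").strip(), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            href, text = self._href, "".join(self._text).strip()
            if urlsplit(href).scheme.lower() == "shell":
                self.findings.append(("shell-scheme-link", href))
            elif text.lower().startswith(("http://", "https://")) and \
                    urlsplit(text).netloc.lower() != urlsplit(href).netloc.lower():
                self.findings.append(("spoofed-link-text", href))
            self._href = None


def scan_mail_html(body):
    """Return the list of findings for one HTML mail body."""
    p = MailHtmlScanner()
    p.feed(body)
    p.close()
    return p.findings


# Constructed sample body (hypothetical) mirroring the post's two snippets.
SAMPLE_BODY = """<p>Could you confirm the meeting time?</p>
<img src="malware.htm" style="display:none">
<a href="shell:user profile\\local settings\\temp\\malware.htm">http://office.microsoft.com/</a>
<a href="https://example.com/x">http://office.microsoft.com/</a>
<img src="https://example.com/logo.png">"""
```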