Re: Outlook exploit

From: Arthur Donkers (theart_at_ADIB.NL)
Date: 02/25/05

  • Next message: Discini, Sonny: "Re: Bug submission"
    Date:         Fri, 25 Feb 2005 18:31:29 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    On Tue, February 15, 2005 16:21, Paul Wobbe said:
    > Does anyone have any information about this? Since the next version of
    > Exchange is 1 - 2 years out could this not become a problem? I checked
    > the Exploitlabs (www.exploitlabs.com) WEB site and could not find the
    > advisory. The text below came from The SANS Internet Storm Centre.
    > (http://isc.sans.org/)
    >
    > One of my Local Mentor students pointed out there was a bulletin about
    > an exploit for Outlook Web Access (OWA) published on 25 Jan by
    > exploitlabs, that I don't think we covered here. Many companies have OWA
    > set up for their employees as a convenience. This exploit allows
    > attackers to redirect login to any URL they desire and could be used to
    > gather usernames and passwords. No patch has yet been released, but
    > Microsoft says it will be fixed in the next major release of Exchange.

    The only one I can find is this (Jan 7, 2005):

    http://www.exploitlabs.com/files/advisories/EXPL-A-2005-001-owa.txt

    This mentions the URL redirection...

    cheers,

    Arthur

    >
    >
    > Paul Wobbe
    > DataFix
    >
    > --
    > NTBugtraq Editor's Note:
    >
    > Most viruses these days use spoofed email addresses. As such, using an
    > Anti-Virus product which automatically notifies the perceived sender of a
    > message it believes is infected may well cause more harm than good.
    > Someone who did not actually send you a virus may receive the notification
    > and scramble their support staff to find an infection which never existed
    > in the first place. Suggest such notifications be disabled by whomever is
    > responsible for your AV, or at least that the idea is considered.
    > --
    >

    --
    /* Disclaimer :   you hire my skills, not my opinions, those are mine !  */
    /* email : theart@adib.nl      Security    'Me ? I'm not me ! I'm just a */
    /* phone : (+31) 595 557057    is not a     computer simulation of me'   */
    /* URL http://www.adib.nl     dirty word      Red Dwarf, First Episode   */
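The flaw discussed in this thread is a login page that will send the user on to any URL supplied by the request, which is what makes credential phishing against the portal easy. The code below is an added example written for this archive page; it is not from the thread, from Microsoft, or from the exploitlabs advisory. It shows the two things a defender wants: a validator that accepts only same-site redirect targets (relative paths, or HTTPS to exactly the portal host), and a scan over web-server access logs that flags login requests whose redirect parameter points off-site. The parameter name `url`, the login path `/login`, the host `owa.example.com` and the log lines are all constructed assumptions, not values from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed names (not from the advisory): the login page takes its
# post-login destination in a query parameter called "url", the login
# handler lives at /login, and the portal is served from one host.
REDIRECT_PARAM = "url"
LOGIN_PATH = "/login"
PORTAL_HOST = "owa.example.com"


def is_safe_redirect(target: str, portal_host: str = PORTAL_HOST) -> bool:
    """Accept only destinations that stay on the portal.

    Allowed: a relative path starting with a single '/', or an absolute
    HTTPS URL whose authority is exactly the portal host.
    Rejected: other schemes (http, javascript, ...), protocol-relative
    '//host' forms, backslash variants that browsers normalise to '/',
    userinfo tricks such as https://portal@attacker/, and control characters.
    """
    if not target:
        return False
    # Decode once more so a double-encoded target is judged on what the
    # browser would finally see; conservative, may reject odd legit input.
    decoded = unquote(target)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    normalised = decoded.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute URL: comparing the whole netloc (not just hostname)
        # rejects embedded userinfo and unexpected ports in one check.
        return parts.scheme.lower() == "https" and parts.netloc.lower() == portal_host
    # Relative: must start with exactly one slash ('//' is protocol-relative).
    return normalised.startswith("/") and not normalised.startswith("//")


# Common/combined access-log format: client, ident, user, [timestamp],
# "METHOD path protocol", status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_offsite_login_redirects(log_lines, login_path: str = LOGIN_PATH):
    """Return (client_ip, redirect_target) for login requests whose redirect
    parameter fails is_safe_redirect(); useful for spotting phishing links
    that were actually clicked, since each one hits the portal first."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        req = urlsplit(m.group("path"))
        if req.path != login_path:
            continue
        # parse_qs percent-decodes values, so "%2F%2Fhost" becomes "//host".
        for target in parse_qs(req.query, keep_blank_values=True).get(REDIRECT_PARAM, []):
            if not is_safe_redirect(target):
                hits.append((m.group("ip"), target))
    return hits


# Constructed sample log lines (not real traffic); attacker.invalid is a
# reserved TLD used here as a placeholder.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Feb/2005:18:31:29 +0100] "GET /login?url=/exchange/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Feb/2005:18:32:01 +0100] "GET /login?url=http%3A%2F%2Fattacker.invalid%2Fowa HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Feb/2005:18:33:10 +0100] "GET /login?url=%2F%2Fattacker.invalid%2F HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Feb/2005:18:34:00 +0100] "GET /login?url=https://owa.example.com/exchange/ HTTP/1.1" 200 512',
    '10.0.0.2 - - [25/Feb/2005:18:35:00 +0100] "GET /exchange/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, target in find_offsite_login_redirects(SAMPLE_LOG):
        print(f"off-site redirect requested by {ip}: {target!r}")
```

Running the block over the constructed log reports the second and third lines only: the relative `/exchange/` target and the absolute HTTPS URL to the portal host itself both pass, while the `http://` and protocol-relative `//` targets are flagged. The validator is deliberately strict about absolute URLs (HTTPS and exact netloc match) because hostname-only comparisons are what userinfo and port tricks defeat.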