[NT] Outlook 2000 Rich Text Information Disclosure
From: support@securiteam.com
Date: 08/06/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] Outlook 2000 Rich Text Information Disclosure
Message-Id: <20010806212147.2A91113903@mail.der-keiler.de>
Date: Mon, 6 Aug 2001 23:21:47 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Outlook 2000 Rich Text Information Disclosure
------------------------------------------------------------------------
SUMMARY
A security vulnerability in Outlook 2000 allows attackers who receive Rich
Text messages to obtain sensitive information by inspecting the contents of
the message.
DETAILS
Outlook 2000 Rich Text messages contain the full path to the user's mailbox.
This path can reveal sensitive information such as the mailbox's profile
directory, username, and OS version:
Example:
C:\WINNT\Profiles\johns\\mailbox.pst
This leaks potentially sensitive information to an attacker, and helps her
to better plan her next step.
Solution:
Avoid sending Rich Text messages (use plain text or HTML format).
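A pre-send check for the leak described above, as an added example that is not part of the original advisory: it scans the raw bytes of an outgoing message for drive-letter paths ending in .pst, as single-byte and as UTF-16LE text, and extracts the profile username. The function name, the sample bytes and the second (Documents and Settings) path are constructed for illustration; the advisory does not say where in the message the path is stored, so the scan makes no assumption about the container format.

```python
import re

# Drive-letter path ending in .pst. Separators may repeat ("\\"), as in the
# advisory's own example path.
PATH_RE = re.compile(r'[A-Za-z]:(?:\\+[^\\/:*?"<>|\x00-\x1f]+?)+?\.pst',
                     re.IGNORECASE)
# Profile roots whose next component is the account name (assumed layouts).
USER_RE = re.compile(r'\\(?:Profiles|Documents and Settings)\\+([^\\]+)\\',
                     re.IGNORECASE)


def find_pst_paths(blob):
    """Return [{'path': ..., 'user': ...}] for every mailbox path in blob."""
    # Look at the same bytes three ways: single-byte text, and UTF-16LE at
    # both byte alignments, since the string may start on an odd offset.
    views = (
        blob.decode("latin-1"),
        blob.decode("utf-16-le", "replace"),
        blob[1:].decode("utf-16-le", "replace"),
    )
    seen, hits = set(), []
    for text in views:
        for match in PATH_RE.finditer(text):
            path = match.group(0)
            if path in seen:
                continue
            seen.add(path)
            user = USER_RE.search(path)
            hits.append({"path": path, "user": user.group(1) if user else None})
    return hits


# Constructed sample: filler bytes, the advisory's example path as ASCII,
# then a second, made-up path encoded as UTF-16LE.
SAMPLE = (
    b"{\\rtf1 constructed filler "
    + rb"C:\WINNT\Profiles\johns\\mailbox.pst"
    + b"\x00\x00"
    + r"D:\Documents and Settings\alice\Local Settings\archive.pst".encode("utf-16-le")
    + b"\x00tail"
)

if __name__ == "__main__":
    for hit in find_pst_paths(SAMPLE):
        print("leaked path:", hit["path"], "| user:", hit["user"])
```

A mail gateway or client-side rule could run the same check on decoded message parts and hold or rewrite any message that produces a hit.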
ADDITIONAL INFORMATION
The information has been provided by
<mailto:dkropivnitskiy@tigertesting.com> Dmitriy Kropivnitskiy.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.