Outlook 2000 Rich Text information disclosure

From: Dmitriy Kropivnitskiy (dkropivnitskiy@tigertesting.com)
Date: 08/02/01

Previous message: hypoclear: "Advisory Update: Design Flaw in Linksys EtherFast 4-Port Cable/DSL Router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 2 Aug 2001 13:22:16 -0400
From: Dmitriy Kropivnitskiy <dkropivnitskiy@tigertesting.com>
To: BugTraq List <bugtraq@securityfocus.com>
Subject: Outlook 2000 Rich Text information disclosure
Message-ID: <20010802132216.A20170@zaphod>

I am not sure if this was posted earlier, but Outlook 2000
Rich Text messages seem to contain full path to user's
mail box. Admittedly this is not much, but since by default
Outlook creates it's mailbox in the profile directory, I might get
the username and possibly OS version
(C:\WINNT\Profiles\johns\<blahblah>\mailbox.pst for example )

Previous message: hypoclear: "Advisory Update: Design Flaw in Linksys EtherFast 4-Port Cable/DSL Router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: issues with Out of Office (Exchange Server 2007 SP1....Outlook 2007 SP1)
... Rich, greetings from Salem, VA (well, we moved from Roanoke to Salem a year ... MS Outlook 2003 SP3 works just fine. ... InternalURL and ExternalURL were both blank. ... Identity to "Autodiscover " at the prompt after each ...
(microsoft.public.exchange.admin)
Re: winmail.dat
... HTML shouldn't cause the same problems in this case...most e-mail programs ... proprietary to Outlook. ... related to the Rich Text issue. ... When I change to plain text, ...
(microsoft.public.outlook.general)
Re: Rich Text Editor
... Word Pad does not use the phrase *Rich Text Editor*, and I have never used Word or an Office product. ... MS-MVP Outlook Express ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: Adding comandbar to RichText Inspector cause error.
... if you send yourself Rich Text email you should see and run this ... // Try to add inspector to this email ... "Dmitry Streblechenko" wrote: ... OutlookSpy - Outlook, CDO ...
(microsoft.public.office.developer.outlook.vba)
Re: embeds vs attachments
... Milly Staples [MVP - Outlook] ... | clients support 'Rich Text' allowing fonts, ... | MS Client at the other end unwraps this and represents the ... | get the plain body text plus a single attachment called ...
(microsoft.public.outlook)