Re: Possible Buffer OverFlow in OutLook Express 5

From: Stanley G. Bubrouski (stan@ccs.neu.edu)
Date: 08/09/01


Date: Thu, 9 Aug 2001 08:08:38 -0400 (EDT)
From: "Stanley G. Bubrouski" <stan@ccs.neu.edu>
To: Nabil Ouchn/Operations/TrustVision <nouchn@net2s.com>
Subject: Re: Possible Buffer OverFlow in OutLook Express 5 
Message-ID: <Pine.GSO.4.21.0108090807050.24515-100000@denali.ccs.neu.edu>

Well from your description and the crash info it doesn't look like a
buffer overflow of any sort, but I'll look into it just the same, since
I've never had the horror of looking at Outlook up closely (I mostly stick
to Unix, I like gdb.)

-Stan

--
Stan Bubrouski                                       stan@ccs.neu.edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284

On Tue, 7 Aug 2001, Nabil Ouchn/Operations/TrustVision wrote:

> I've posted this message long time ago and received some confirmation it > works... > > The description is : > > Recently I was playing with OutLook Express 5... and decided to create a > rule in order to test black list blocking. > > I create a rule with these conditions > 1 - The line "FROM" contains : <sentto> > 2 - When the message body contains the word : <sentto> > 3- The line "TO" contains : <sentto> > > The action when all these conditions are satisfied is : > Do not download file from Server > > > > > I then restarted Outlook....but when I began to receive mails...Outlook > hangs...and give this : > > MSIMN a causé une défaillance de page dans > le module MSOE.DLL à 0167:7a0e58a0. > Registres : > EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246 > EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614 > ECX=00001000 DS=016f ESI=00455ab4 FS=46e7 > EDX=00add568 ES=016f EDI=00000000 GS=0000 > Octets à CS : EIP : > 8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff > État de la pile : > 00000000 00000000 > 00add984 00455ab4 > 004609c0 00000000 > 00000000 00000000 > 00000000 00000000 > 00000000 00000000 > 00000000 0046d470 > 00000000 00000000 > > And some times got a bluescreen ! > > fix : When I removed the rule....everything worked well !!!! ??? > > Can you reproduce this bug and confirm what I write here.. > > Thank you a lot > Nabil Ouchn > Security Consultant at TrustVision/NET2S > > > >



Relevant Pages