Re: Possible Buffer OverFlow in OutLook Express 5

From: Stanley G. Bubrouski (firstname.lastname@example.org)
- In reply to: Nabil Ouchn/Operations/TrustVision: "Possible Buffer OverFlow in OutLook Express 5"
Date: Thu, 9 Aug 2001 08:08:38 -0400 (EDT)
From: "Stanley G. Bubrouski" <email@example.com>
To: Nabil Ouchn/Operations/TrustVision <firstname.lastname@example.org>
Subject: Re: Possible Buffer OverFlow in OutLook Express 5
Message-ID: <Pine.GSO.email@example.com>

Well from your description and the crash info it doesn't look like a
buffer overflow of any sort, but I'll look into it just the same, since
I've never had the horror of looking at Outlook up closely (I mostly stick
to Unix, I like gdb.)

--
Stan Bubrouski firstname.lastname@example.org
23 Westmoreland Road, Hingham, MA 02043
Cell: (617) 835-3284

On Tue, 7 Aug 2001, Nabil Ouchn/Operations/TrustVision wrote:
> I've posted this message a long time ago and received some confirmation it
> works...
>
> The description is :
>
> Recently I was playing with OutLook Express 5... and decided to create a
> rule in order to test black list blocking.
>
> I created a rule with these conditions
> 1 - The line "FROM" contains : <sentto>
> 2 - When the message body contains the word : <sentto>
> 3 - The line "TO" contains : <sentto>
>
> The action when all these conditions are satisfied is :
> Do not download file from Server
>
> I then restarted Outlook....but when I began to receive mails...Outlook
> hangs...and gives this :
>
> MSIMN a causé une défaillance de page dans
> le module MSOE.DLL à 0167:7a0e58a0.
> Registres :
> EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246
> EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614
> ECX=00001000 DS=016f ESI=00455ab4 FS=46e7
> EDX=00add568 ES=016f EDI=00000000 GS=0000
> Octets à CS : EIP :
> 8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff
> État de la pile :
> 00000000 00000000
> 00add984 00455ab4
> 004609c0 00000000
> 00000000 00000000
> 00000000 00000000
> 00000000 00000000
> 00000000 0046d470
> 00000000 00000000
>
> And sometimes got a bluescreen !
>
> fix : When I removed the rule....everything worked well !!!! ???
>
> Can you reproduce this bug and confirm what I write here..
>
> Thank you a lot
> Nabil Ouchn
> Security Consultant at TrustVision/NET2S
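
Added example, not part of either message in this thread: a short Python triage of the crash dialog quoted above. It parses the registers and the bytes at CS:EIP, decodes the first instruction (only the simple `mov r32, [reg]` / `mov r32, [reg+disp8]` encodings are handled) and reports the address that instruction reads; the function names are this example's own.

```python
import re

# Crash text copied from the quoted report (French Windows fault dialog).
DUMP = """\
MSIMN a causé une défaillance de page dans
le module MSOE.DLL à 0167:7a0e58a0.
Registres :
EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246
EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614
ECX=00001000 DS=016f ESI=00455ab4 FS=46e7
EDX=00add568 ES=016f EDI=00000000 GS=0000
Octets à CS : EIP :
8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff
"""

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM order

def parse_dump(text):
    """Return (register dict, bytes at CS:EIP) parsed from the fault dialog."""
    regs = {k.lower(): int(v, 16)
            for k, v in re.findall(r"\b([A-Z]{2,5})=([0-9a-fA-F]+)", text)}
    hexline = re.search(r"^((?:[0-9a-fA-F]{2} ?){4,})$", text, re.M).group(1)
    return regs, bytes.fromhex(hexline)

def faulting_access(regs, code):
    """Decode a leading `mov r32, [reg]` / `mov r32, [reg+disp8]`.

    Returns (instruction text, address read), or None for any other encoding.
    """
    if len(code) < 3 or code[0] != 0x8B:          # 8B /r = mov r32, r/m32
        return None
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod in (2, 3) or rm == 4 or (mod == 0 and rm == 5):
        return None                               # disp32, register, SIB: not handled
    disp = 0
    if mod == 1:                                  # signed 8-bit displacement
        disp = code[2] - 256 if code[2] > 127 else code[2]
    operand = REG32[rm] + (f"{disp:+#x}" if mod == 1 else "")
    return f"mov {REG32[reg]}, [{operand}]", (regs[REG32[rm]] + disp) & 0xFFFFFFFF

def triage(text):
    """Classify the fault by the address the faulting instruction reads."""
    regs, code = parse_dump(text)
    access = faulting_access(regs, code)
    if access is None:
        return "undecoded"
    insn, addr = access
    kind = "null-page read" if addr < 0x1000 else "read fault"
    return f"{kind}: {insn} reads 0x{addr:08x}"

if __name__ == "__main__":
    print(triage(DUMP))
```

For this dump the first instruction decodes to `mov ecx, [eax]` with EAX=00000000, a read through a null pointer.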