RE: Outlook makes 99% CPU Usage with this message

From: Alexander Sarras (SEA) (Alexander.Sarras@sea.ericsson.se)
Date: 08/29/01 

Message-ID: <F0F5F5C6F71AD5119D380008C75DA44C69E242@eatvint902>
From: "Alexander Sarras (SEA)" <Alexander.Sarras@sea.ericsson.se>
To: "'Kayne Ian (Softlab)'" <Ian.Kayne@softlab.co.uk>, Vuln-Dev <VULN-DEV@securityfocus.com>
Subject: RE: Outlook makes 99% CPU Usage with this message
Date: Wed, 29 Aug 2001 20:26:59 +0200

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2)

SaS
- --
Dr. Alexander Sarras
Product Unit Enterprise Communication Systems
Ericsson Enterprise AB

Tel: +43/1/811 00 4668
Fax: +43/1/811 00 11 4668
email: Alexander.Sarras@ericsson.com

> -----Original Message-----
> From: Kayne Ian (Softlab) [mailto:Ian.Kayne@softlab.co.uk]
> Sent: Wednesday, August 29, 2001 5:19 PM
> To: Vuln-Dev
> Subject: Outlook makes 99% CPU Usage with this message
>
>
> Hey all,
> This is a strange one. I've been hashing this about for
> a while, and
> come up with the following. In the attached zip is a message
> saved out in
> Outlook normal message format. You can open, read, close,
> forward etc this
> message absolutely fine. But when you try and click reply, it
> immediately
> sends Outlook to 100% CPU usage, and it doesn't come back. I
> have no idea
> why, but it seems to be outlook getting confused with the
> message body - if
> you hex the .msg file you'll see 2 lines of asterixes that
> are not displayed
> (and no, it's not cause they are white text on white
> background, you should
> still be able to highlight them, but they just arent there).
>
> Now, this crashes my Outlook every time. Thats Outlook 2k
> v9.0.0.3821 running on Win2k Pro. It's crashed a few other
> ppls outlooks,
> but strangely on some Outlooks (same version as mine) it has
> no effect. I'm
> wondering if it's to do with a certain combination of patches
> etc installed.
>
> So, 2 things for you guys. Firstly, do the following:
>
> 1. Exit outlook
> 2. Unzip the .msg file from the zip
> 3. Load outlook
> 4. Double click the .msg file from explorer or somwhere
> 5. Click the Reply button
>
> It should crash Outlook immediately. The Exit/Load outlook thing is
> important.
>
> Secondly, if that doesn't crash, see if you can see 2
> rows of *'s
> around the disclaimer. If you save the message as rtf or
> plain text, or hex
> dump the .msg the asterixes are there. But not when you view
> the message in
> Outlook. I have no idea of the format of a .msg file, so
> maybe someone else
> with more experience with this stuff can help?
>
> Anyway, I can't garantee it will work, and that it's not just my
> machines being screwy. But if it does work, and maybe if it's
> exploitable,
> it's pretty damn nasty. An invisible exploit in a plain
> message with no
> attachment that only needs a click on Reply to work? Ouch.
>
> Ian Kayne
> Technical Specialist - IT Solutions
> Softlab Ltd - A BMW Company
>
> <<Test.zip>>
>
>
> ********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
> they are addressed.
>
> If you are not the intended recipient or the person responsible for
> delivering to the intended recipient, be advised that you
> have received
> this email in error and that any use of the information
> contained within
> this email or attachments is strictly prohibited.
>
> Internet communications are not secure and Softlab does not accept
> any legal responsibility for the content of this message. Any
> opinions
> expressed in the email are those of the individual and not
> necessarily
> those of the Company.
>
> If you have received this email in error, or if you are
> concerned with
> the content of this email please notify the IT helpdesk by
> telephone on +44 (0)121 788 5480.
>
> ********************************************************************
>
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB
wpoYsOixhkkX8Uuc5gUsn26X
=ffEc
-----END PGP SIGNATURE-----

Quantcast