RE: Outlook makes 99% CPU Usage with this message

From: Wyatt, Anthony (ITS, Limestone Av) (Anthony.Wyatt@its.csiro.au)
Date: 08/30/01


Message-ID: <4ABEF4D887D40745B8D6804C2FFA939F2C6E83@hermes.la.csiro.au>
From: "Wyatt, Anthony (ITS, Limestone Av)" <Anthony.Wyatt@its.csiro.au>
To: "'Kayne Ian (Softlab)'" <Ian.Kayne@softlab.co.uk>, Vuln-Dev <VULN-DEV@securityfocus.com>
Subject: RE: Outlook makes 99% CPU Usage with this message
Date: Thu, 30 Aug 2001 09:32:26 +1000

Hi All,
        My Outlook hung (O2K v9.0.0.4527) W2k sp2 + hotfixes.

        When I opened it Outlook stopped; in my Task Manager the memory usage counter for Outlook kept going up (only watched for 1.5 mins) and got to 17M.

Anthony

> -----Original Message-----
> From: Alexander Sarras (SEA) [mailto:Alexander.Sarras@sea.ericsson.se]
> Sent: Thursday, 30 August 2001 4:27 AM
> To: 'Kayne Ian (Softlab)'; Vuln-Dev
> Subject: RE: Outlook makes 99% CPU Usage with this message
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2)
>
> SaS
> - --
> Dr. Alexander Sarras
> Product Unit Enterprise Communication Systems
> Ericsson Enterprise AB
>
> Tel: +43/1/811 00 4668
> Fax: +43/1/811 00 11 4668
> email: Alexander.Sarras@ericsson.com
>
>
> > -----Original Message-----
> > From: Kayne Ian (Softlab) [mailto:Ian.Kayne@softlab.co.uk]
> > Sent: Wednesday, August 29, 2001 5:19 PM
> > To: Vuln-Dev
> > Subject: Outlook makes 99% CPU Usage with this message
> >
> >
> > Hey all,
> > This is a strange one. I've been hashing this about for a while, and
> > come up with the following. In the attached zip is a message saved out in
> > Outlook normal message format. You can open, read, close, forward etc this
> > message absolutely fine. But when you try and click reply, it immediately
> > sends Outlook to 100% CPU usage, and it doesn't come back. I have no idea
> > why, but it seems to be Outlook getting confused with the message body - if
> > you hex the .msg file you'll see 2 lines of asterisks that are not displayed
> > (and no, it's not cause they are white text on white background, you should
> > still be able to highlight them, but they just aren't there).
> >
> > Now, this crashes my Outlook every time. That's Outlook 2k
> > v9.0.0.3821 running on Win2k Pro. It's crashed a few other ppls Outlooks,
> > but strangely on some Outlooks (same version as mine) it has no effect. I'm
> > wondering if it's to do with a certain combination of patches etc installed.
> >
> > So, 2 things for you guys. Firstly, do the following:
> >
> > 1. Exit outlook
> > 2. Unzip the .msg file from the zip
> > 3. Load outlook
> > 4. Double click the .msg file from explorer or somewhere
> > 5. Click the Reply button
> >
> > It should crash Outlook immediately. The Exit/Load Outlook thing is important.
> >
> > Secondly, if that doesn't crash, see if you can see 2 rows of *'s
> > around the disclaimer. If you save the message as rtf or plain text, or hex
> > dump the .msg the asterisks are there. But not when you view the message in
> > Outlook. I have no idea of the format of a .msg file, so maybe someone else
> > with more experience with this stuff can help?
> >
> > Anyway, I can't guarantee it will work, and that it's not just my
> > machines being screwy. But if it does work, and maybe if it's exploitable,
> > it's pretty damn nasty. An invisible exploit in a plain message with no
> > attachment that only needs a click on Reply to work? Ouch.
> >
> > Ian Kayne
> > Technical Specialist - IT Solutions
> > Softlab Ltd - A BMW Company
> >
> > <<Test.zip>>
> >
> >
> > ********************************************************************
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom
> > they are addressed.
> >
> > If you are not the intended recipient or the person responsible for
> > delivering to the intended recipient, be advised that you have received
> > this email in error and that any use of the information contained within
> > this email or attachments is strictly prohibited.
> >
> > Internet communications are not secure and Softlab does not accept
> > any legal responsibility for the content of this message. Any opinions
> > expressed in the email are those of the individual and not necessarily
> > those of the Company.
> >
> > If you have received this email in error, or if you are concerned with
> > the content of this email please notify the IT helpdesk by
> > telephone on +44 (0)121 788 5480.
> >
> > ********************************************************************
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB
> wpoYsOixhkkX8Uuc5gUsn26X
> =ffEc
> -----END PGP SIGNATURE-----
>

