Possible Buffer OverFlow in OutLook Express 5

From: Nabil Ouchn/Operations/TrustVision (nouchnat_private)
Date: Tue Aug 07 2001 - 08:51:39 PDT

  • Next message: Shade: "Re: Wireless Lans give EVERYONE ACCESS"

    I've posted this message long time ago and received some confirmation it
    works...
    
    The description is :
    
    Recently I was playing with OutLook Express 5... and decided to create a
    rule in order to test black list blocking.
    
    I create a rule with these conditions
    1 -  The line "FROM" contains : <sentto>
    2 - When the message body contains the word : <sentto>
    3- The line "TO" contains : <sentto>
    
    The action when all these conditions are satisfied is :
    Do not download file from Server
    
    
    
    
    I then restarted Outlook....but when I began to receive mails...Outlook
    hangs...and give this :
    
    MSIMN a causé une défaillance de page dans
     le module MSOE.DLL à 0167:7a0e58a0.
    Registres :
    EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246
    EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614
    ECX=00001000 DS=016f ESI=00455ab4 FS=46e7
    EDX=00add568 ES=016f EDI=00000000 GS=0000
    Octets à CS : EIP :
    8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff
    État de la pile :
    00000000 00000000
    00add984 00455ab4
    004609c0 00000000
    00000000 00000000
    00000000 00000000
    00000000 00000000
    00000000 0046d470
    00000000 00000000
    
    And some times got a bluescreen !
    
    fix : When I removed the rule....everything worked well !!!! ???
    
    Can you reproduce this bug and confirm what I write here..
    
    Thank you a lot
    Nabil Ouchn
    Security Consultant at TrustVision/NET2S
    



    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 10:27:50 PDT