Re: Possible Buffer OverFlow in OutLook Express 5

From: Stanley G. Bubrouski (stanat_private)
Date: Thu Aug 09 2001 - 05:08:38 PDT

  • Next message: w1re p4ir: "root.exe scanner last email i swear"

    Well from your description and the crash info it doesn't look like a
    buffer overflow of any sort, but I'll look into it just the same, since
    I've never had the horror of looking at Outlook up closely (I mostly stick
    to Unix, I like gdb.)
    
    -Stan
    
    --
    Stan Bubrouski                                       stanat_private
    23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284
    
    
    On Tue, 7 Aug 2001, Nabil Ouchn/Operations/TrustVision wrote:
    
    > I've posted this message long time ago and received some confirmation it
    > works...
    > 
    > The description is :
    > 
    > Recently I was playing with OutLook Express 5... and decided to create a
    > rule in order to test black list blocking.
    > 
    > I create a rule with these conditions
    > 1 -  The line "FROM" contains : <sentto>
    > 2 - When the message body contains the word : <sentto>
    > 3- The line "TO" contains : <sentto>
    > 
    > The action when all these conditions are satisfied is :
    > Do not download file from Server
    > 
    > 
    > 
    > 
    > I then restarted Outlook....but when I began to receive mails...Outlook
    > hangs...and give this :
    > 
    > MSIMN a causé une défaillance de page dans
    >  le module MSOE.DLL à 0167:7a0e58a0.
    > Registres :
    > EAX=00000000 CS=0167 EIP=7a0e58a0 EFLGS=00010246
    > EBX=004609c0 SS=016f ESP=00add5b0 EBP=00add614
    > ECX=00001000 DS=016f ESI=00455ab4 FS=46e7
    > EDX=00add568 ES=016f EDI=00000000 GS=0000
    > Octets à CS : EIP :
    > 8b 08 ff 51 20 3b c7 89 45 f8 0f 8c ff 2b fe ff
    > État de la pile :
    > 00000000 00000000
    > 00add984 00455ab4
    > 004609c0 00000000
    > 00000000 00000000
    > 00000000 00000000
    > 00000000 00000000
    > 00000000 0046d470
    > 00000000 00000000
    > 
    > And some times got a bluescreen !
    > 
    > fix : When I removed the rule....everything worked well !!!! ???
    > 
    > Can you reproduce this bug and confirm what I write here..
    > 
    > Thank you a lot
    > Nabil Ouchn
    > Security Consultant at TrustVision/NET2S
    > 
    > 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 11:54:28 PDT