-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2)

SaS

- --
Dr. Alexander Sarras
Product Unit Enterprise Communication Systems
Ericsson Enterprise AB
Tel: +43/1/811 00 4668
Fax: +43/1/811 00 11 4668
email: Alexander.Sarrasat_private

> -----Original Message-----
> From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private]
> Sent: Wednesday, August 29, 2001 5:19 PM
> To: Vuln-Dev
> Subject: Outlook makes 99% CPU Usage with this message
>
>
> Hey all,
> This is a strange one. I've been hashing this about for a while, and
> come up with the following. In the attached zip is a message saved out
> in Outlook normal message format. You can open, read, close, forward
> etc this message absolutely fine. But when you try and click reply, it
> immediately sends Outlook to 100% CPU usage, and it doesn't come back.
> I have no idea why, but it seems to be Outlook getting confused with
> the message body - if you hex the .msg file you'll see 2 lines of
> asterisks that are not displayed (and no, it's not cause they are white
> text on white background, you should still be able to highlight them,
> but they just aren't there).
>
> Now, this crashes my Outlook every time. That's Outlook 2k v9.0.0.3821
> running on Win2k Pro. It's crashed a few other ppls Outlooks, but
> strangely on some Outlooks (same version as mine) it has no effect. I'm
> wondering if it's to do with a certain combination of patches etc
> installed.
>
> So, 2 things for you guys. Firstly, do the following:
>
> 1. Exit Outlook
> 2. Unzip the .msg file from the zip
> 3. Load Outlook
> 4. Double click the .msg file from explorer or somewhere
> 5. Click the Reply button
>
> It should crash Outlook immediately. The Exit/Load Outlook thing is
> important.
>
> Secondly, if that doesn't crash, see if you can see 2 rows of *'s
> around the disclaimer. If you save the message as rtf or plain text, or
> hex dump the .msg the asterisks are there. But not when you view the
> message in Outlook. I have no idea of the format of a .msg file, so
> maybe someone else with more experience with this stuff can help?
>
> Anyway, I can't guarantee it will work, and that it's not just my
> machines being screwy. But if it does work, and maybe if it's
> exploitable, it's pretty damn nasty. An invisible exploit in a plain
> message with no attachment that only needs a click on Reply to work?
> Ouch.
>
> Ian Kayne
> Technical Specialist - IT Solutions
> Softlab Ltd - A BMW Company
>
> <<Test.zip>>
>
>
> ********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
> they are addressed.
>
> If you are not the intended recipient or the person responsible for
> delivering to the intended recipient, be advised that you have received
> this email in error and that any use of the information contained within
> this email or attachments is strictly prohibited.
>
> Internet communications are not secure and Softlab does not accept
> any legal responsibility for the content of this message. Any opinions
> expressed in the email are those of the individual and not necessarily
> those of the Company.
>
> If you have received this email in error, or if you are concerned with
> the content of this email please notify the IT helpdesk by
> telephone on +44 (0)121 788 5480.
>
> ********************************************************************
>
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB
wpoYsOixhkkX8Uuc5gUsn26X
=ffEc
-----END PGP SIGNATURE-----

This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 12:24:47 PDT