RE: Outlook makes 99% CPU Usage with this message

From: Alexander Sarras (SEA) (Alexander.Sarrasat_private)
Date: Wed Aug 29 2001 - 11:26:59 PDT

  • Next message: DePriest, Jason R.: "RE: Outlook makes 99% CPU Usage with this message"

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2)
    
    SaS
    - -- 
    Dr. Alexander Sarras
    Product Unit Enterprise Communication Systems
    Ericsson Enterprise AB
    
    Tel:   +43/1/811 00 4668
    Fax:   +43/1/811 00 11 4668
    email: Alexander.Sarrasat_private
    
    
    > -----Original Message-----
    > From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private]
    > Sent: Wednesday, August 29, 2001 5:19 PM
    > To: Vuln-Dev
    > Subject: Outlook makes 99% CPU Usage with this message
    > 
    > 
    > Hey all,
    > 	This is a strange one. I've been hashing this about for 
    > a while, and
    > come up with the following. In the attached zip is a message 
    > saved out in
    > Outlook normal message format. You can open, read, close, 
    > forward etc this
    > message absolutely fine. But when you try and click reply, it 
    > immediately
    > sends Outlook to 100% CPU usage, and it doesn't come back. I 
    > have no idea
    > why, but it seems to be outlook getting confused with the 
    > message body - if
    > you hex the .msg file you'll see 2 lines of asterixes that 
    > are not displayed
    > (and no, it's not cause they are white text on white 
    > background, you should
    > still be able to highlight them, but they just arent there).
    > 
    > 	Now, this crashes my Outlook every time. Thats Outlook 2k
    > v9.0.0.3821 running on Win2k Pro. It's crashed a few other 
    > ppls outlooks,
    > but strangely on some Outlooks (same version as mine) it has 
    > no effect. I'm
    > wondering if it's to do with a certain combination of patches 
    > etc installed.
    > 
    > 	So, 2 things for you guys. Firstly, do the following:
    > 
    > 1. Exit outlook
    > 2. Unzip the .msg file from the zip
    > 3. Load outlook
    > 4. Double click the .msg file from explorer or somwhere
    > 5. Click the Reply button
    > 
    > It should crash Outlook immediately. The Exit/Load outlook thing is
    > important.
    > 
    > 	Secondly, if that doesn't crash, see if you can see 2 
    > rows of *'s
    > around the disclaimer. If you save the message as rtf or 
    > plain text, or hex
    > dump the .msg the asterixes are there. But not when you view 
    > the message in
    > Outlook. I have no idea of the format of a .msg file, so 
    > maybe someone else
    > with more experience with this stuff can help?
    > 
    > 	Anyway, I can't garantee it will work, and that it's not just my
    > machines being screwy. But if it does work, and maybe if it's 
    > exploitable,
    > it's pretty damn nasty. An invisible exploit in a plain 
    > message with no
    > attachment that only needs a click on Reply to work? Ouch.
    > 
    > Ian Kayne
    > Technical Specialist - IT Solutions
    > Softlab Ltd - A BMW Company
    > 
    >  <<Test.zip>> 
    > 
    > 
    > ********************************************************************
    >  This email and any files transmitted with it are confidential and 
    > intended solely for the use of the individual or entity to whom 
    > they are addressed. 
    > 
    > If you are not the intended recipient or the person responsible for
    >  delivering to the intended recipient, be advised that you 
    > have received 
    > this email in error and that any use of the information 
    > contained within 
    > this email or attachments is strictly prohibited. 
    > 
    > Internet communications are not secure and Softlab does not accept 
    > any legal responsibility for the content of this message. Any 
    > opinions 
    > expressed in the email are those of the individual and not 
    > necessarily 
    > those of the Company. 
    > 
    > If you have received this email in error, or if you are 
    > concerned with 
    > the content of this email please notify the IT helpdesk by
    > telephone  on +44 (0)121 788 5480. 
    > 
    > ********************************************************************
    >  
    > 
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1
    
    iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB
    wpoYsOixhkkX8Uuc5gUsn26X
    =ffEc
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 12:24:47 PDT