RE: Outlook makes 99% CPU Usage with this message

From: Wyatt, Anthony (ITS, Limestone Av) (Anthony.Wyattat_private)
Date: Wed Aug 29 2001 - 16:32:26 PDT

  • Next message: Jeff Jancula: "Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"

    Hi All,
    	My outlook hung (O2K v9.0.0.4527) W2k sp2 + hotfixes.
    
    	When I opened it outlook stoped, in my task manager the memory usage counter for outlook kept going up (only watched for 1.5 mins) and got to 17M.
    
    Anthony
    
    > -----Original Message-----
    > From: Alexander Sarras (SEA) [mailto:Alexander.Sarrasat_private]
    > Sent: Thursday, 30 August 2001 4:27 AM
    > To: 'Kayne Ian (Softlab)'; Vuln-Dev
    > Subject: RE: Outlook makes 99% CPU Usage with this message
    > 
    > 
    >  
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    > 
    > Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2)
    > 
    > SaS
    > - -- 
    > Dr. Alexander Sarras
    > Product Unit Enterprise Communication Systems
    > Ericsson Enterprise AB
    > 
    > Tel:   +43/1/811 00 4668
    > Fax:   +43/1/811 00 11 4668
    > email: Alexander.Sarrasat_private
    > 
    > 
    > > -----Original Message-----
    > > From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private]
    > > Sent: Wednesday, August 29, 2001 5:19 PM
    > > To: Vuln-Dev
    > > Subject: Outlook makes 99% CPU Usage with this message
    > > 
    > > 
    > > Hey all,
    > > 	This is a strange one. I've been hashing this about for 
    > > a while, and
    > > come up with the following. In the attached zip is a message 
    > > saved out in
    > > Outlook normal message format. You can open, read, close, 
    > > forward etc this
    > > message absolutely fine. But when you try and click reply, it 
    > > immediately
    > > sends Outlook to 100% CPU usage, and it doesn't come back. I 
    > > have no idea
    > > why, but it seems to be outlook getting confused with the 
    > > message body - if
    > > you hex the .msg file you'll see 2 lines of asterixes that 
    > > are not displayed
    > > (and no, it's not cause they are white text on white 
    > > background, you should
    > > still be able to highlight them, but they just arent there).
    > > 
    > > 	Now, this crashes my Outlook every time. Thats Outlook 2k
    > > v9.0.0.3821 running on Win2k Pro. It's crashed a few other 
    > > ppls outlooks,
    > > but strangely on some Outlooks (same version as mine) it has 
    > > no effect. I'm
    > > wondering if it's to do with a certain combination of patches 
    > > etc installed.
    > > 
    > > 	So, 2 things for you guys. Firstly, do the following:
    > > 
    > > 1. Exit outlook
    > > 2. Unzip the .msg file from the zip
    > > 3. Load outlook
    > > 4. Double click the .msg file from explorer or somwhere
    > > 5. Click the Reply button
    > > 
    > > It should crash Outlook immediately. The Exit/Load outlook thing is
    > > important.
    > > 
    > > 	Secondly, if that doesn't crash, see if you can see 2 
    > > rows of *'s
    > > around the disclaimer. If you save the message as rtf or 
    > > plain text, or hex
    > > dump the .msg the asterixes are there. But not when you view 
    > > the message in
    > > Outlook. I have no idea of the format of a .msg file, so 
    > > maybe someone else
    > > with more experience with this stuff can help?
    > > 
    > > 	Anyway, I can't garantee it will work, and that it's not just my
    > > machines being screwy. But if it does work, and maybe if it's 
    > > exploitable,
    > > it's pretty damn nasty. An invisible exploit in a plain 
    > > message with no
    > > attachment that only needs a click on Reply to work? Ouch.
    > > 
    > > Ian Kayne
    > > Technical Specialist - IT Solutions
    > > Softlab Ltd - A BMW Company
    > > 
    > >  <<Test.zip>> 
    > > 
    > > 
    > > ********************************************************************
    > >  This email and any files transmitted with it are confidential and 
    > > intended solely for the use of the individual or entity to whom 
    > > they are addressed. 
    > > 
    > > If you are not the intended recipient or the person responsible for
    > >  delivering to the intended recipient, be advised that you 
    > > have received 
    > > this email in error and that any use of the information 
    > > contained within 
    > > this email or attachments is strictly prohibited. 
    > > 
    > > Internet communications are not secure and Softlab does not accept 
    > > any legal responsibility for the content of this message. Any 
    > > opinions 
    > > expressed in the email are those of the individual and not 
    > > necessarily 
    > > those of the Company. 
    > > 
    > > If you have received this email in error, or if you are 
    > > concerned with 
    > > the content of this email please notify the IT helpdesk by
    > > telephone  on +44 (0)121 788 5480. 
    > > 
    > > ********************************************************************
    > >  
    > > 
    > 
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 7.1
    > 
    > iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB
    > wpoYsOixhkkX8Uuc5gUsn26X
    > =ffEc
    > -----END PGP SIGNATURE-----
    > 
    



    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 22:08:21 PDT