Hi All, My outlook hung (O2K v9.0.0.4527) W2k sp2 + hotfixes. When I opened it outlook stoped, in my task manager the memory usage counter for outlook kept going up (only watched for 1.5 mins) and got to 17M. Anthony > -----Original Message----- > From: Alexander Sarras (SEA) [mailto:Alexander.Sarrasat_private] > Sent: Thursday, 30 August 2001 4:27 AM > To: 'Kayne Ian (Softlab)'; Vuln-Dev > Subject: RE: Outlook makes 99% CPU Usage with this message > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sorry no probs on O2K SR-1 (v9.0.0.5415) w/ W2K SP2 (v5.0.2195 sp2) > > SaS > - -- > Dr. Alexander Sarras > Product Unit Enterprise Communication Systems > Ericsson Enterprise AB > > Tel: +43/1/811 00 4668 > Fax: +43/1/811 00 11 4668 > email: Alexander.Sarrasat_private > > > > -----Original Message----- > > From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private] > > Sent: Wednesday, August 29, 2001 5:19 PM > > To: Vuln-Dev > > Subject: Outlook makes 99% CPU Usage with this message > > > > > > Hey all, > > This is a strange one. I've been hashing this about for > > a while, and > > come up with the following. In the attached zip is a message > > saved out in > > Outlook normal message format. You can open, read, close, > > forward etc this > > message absolutely fine. But when you try and click reply, it > > immediately > > sends Outlook to 100% CPU usage, and it doesn't come back. I > > have no idea > > why, but it seems to be outlook getting confused with the > > message body - if > > you hex the .msg file you'll see 2 lines of asterixes that > > are not displayed > > (and no, it's not cause they are white text on white > > background, you should > > still be able to highlight them, but they just arent there). > > > > Now, this crashes my Outlook every time. Thats Outlook 2k > > v9.0.0.3821 running on Win2k Pro. It's crashed a few other > > ppls outlooks, > > but strangely on some Outlooks (same version as mine) it has > > no effect. I'm > > wondering if it's to do with a certain combination of patches > > etc installed. > > > > So, 2 things for you guys. Firstly, do the following: > > > > 1. Exit outlook > > 2. Unzip the .msg file from the zip > > 3. Load outlook > > 4. Double click the .msg file from explorer or somwhere > > 5. Click the Reply button > > > > It should crash Outlook immediately. The Exit/Load outlook thing is > > important. > > > > Secondly, if that doesn't crash, see if you can see 2 > > rows of *'s > > around the disclaimer. If you save the message as rtf or > > plain text, or hex > > dump the .msg the asterixes are there. But not when you view > > the message in > > Outlook. I have no idea of the format of a .msg file, so > > maybe someone else > > with more experience with this stuff can help? > > > > Anyway, I can't garantee it will work, and that it's not just my > > machines being screwy. But if it does work, and maybe if it's > > exploitable, > > it's pretty damn nasty. An invisible exploit in a plain > > message with no > > attachment that only needs a click on Reply to work? Ouch. > > > > Ian Kayne > > Technical Specialist - IT Solutions > > Softlab Ltd - A BMW Company > > > > <<Test.zip>> > > > > > > ******************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom > > they are addressed. > > > > If you are not the intended recipient or the person responsible for > > delivering to the intended recipient, be advised that you > > have received > > this email in error and that any use of the information > > contained within > > this email or attachments is strictly prohibited. > > > > Internet communications are not secure and Softlab does not accept > > any legal responsibility for the content of this message. Any > > opinions > > expressed in the email are those of the individual and not > > necessarily > > those of the Company. > > > > If you have received this email in error, or if you are > > concerned with > > the content of this email please notify the IT helpdesk by > > telephone on +44 (0)121 788 5480. > > > > ******************************************************************** > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 7.1 > > iQA/AwUBO400BH/j44UBWb5aEQLjHACg0e9rt+KSg/KpkOCLqBkQSwauiEEAnimB > wpoYsOixhkkX8Uuc5gUsn26X > =ffEc > -----END PGP SIGNATURE----- >
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 22:08:21 PDT