Very Computer

by **Adam Warne** » Sat, 31 Mar 2001 19:21:55

Hi all,

I think this tops the buffer overflow in Outlook/Outlook Express where
arbitrary code can be run on an unpatched Windows machine just by sending
someone a plain text email.

This vulnerabilty is a right screwup. It allows someone to execute an
attachment on your Windows computer:

(a) just by visiting a site; or
(b) just by sending you an HTML email (that is automatically rendered
using IE5).

Unknown to me MS HTML emails are just in fact packaged web sites:

"Because HTML e-mails are simply web pages, IE can render them and open
binary attachments in a way that is appropriate to their MIME types."

Check it out:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

This is a good example of how not to design a secure operating system. And
that's why statements such as "no operating system is secure" are
misleading. While none are prefectly secure there are degrees of security.
This demonstrates that Microsoft allowed people to email web sites to one
another and then thought about the security implications later.

Attachments execute as the email (i.e. web page/site) is "rendered".
Wonders never cease.

Regards,
Adam

by **mmnno** » Sun, 01 Apr 2001 00:14:02

This really does sound bad, even by Microsoft's own admission.
If you run an email client that renders messages with
MSIE 5.01 or 5.5, anyone in the world can run any
program they like on your system, simply by sending you an
email. You don't need to open any attachment or OK
anything. Just click on the email and your system is toast,
even if you only clicked on it to delete it.

Exploitation of this vulnerability could easily give real teeth to
the next melissa - type virus (of which there have already been
several in the past year).

The "Security Bulletin" (bug report) plainly states that this bug
allows the attacker to "run code of attacker's choice"
(arbitrary code). At least Microsoft was politically correct
enough to consistently refer to the attacker as female.

> Hi all,

> I think this tops the buffer overflow in Outlook/Outlook Express where
> arbitrary code can be run on an unpatched Windows machine just by
> sending someone a plain text email.

<snip>
> Check it out:
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

<snip>

by **Matthew Gardine** » Thu, 05 Apr 2001 17:19:16

Well, even though a lot of people give Netscape alot of flak, when was the
last time you heard an exploit this bad for Netscape?

Matthew Gardiner

> This really does sound bad, even by Microsoft's own admission.
> If you run an email client that renders messages with
> MSIE 5.01 or 5.5, anyone in the world can run any
> program they like on your system, simply by sending you an
> email. You don't need to open any attachment or OK
> anything. Just click on the email and your system is toast,
> even if you only clicked on it to delete it.

> Exploitation of this vulnerability could easily give real teeth to
> the next melissa - type virus (of which there have already been
> several in the past year).

> The "Security Bulletin" (bug report) plainly states that this bug
> allows the attacker to "run code of attacker's choice"
> (arbitrary code). At least Microsoft was politically correct
> enough to consistently refer to the attacker as female.

> > Hi all,

> > I think this tops the buffer overflow in Outlook/Outlook Express where
> > arbitrary code can be run on an unpatched Windows machine just by
> > sending someone a plain text email.

> <snip>
> > Check it out:
> > http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

> <snip>

by **Chad Evere** » Thu, 05 Apr 2001 23:57:26

Check out the way Microsoft says "Yes" to the following question:

-----------
Would IE always execute the attachment?

No. IE would only execute the attachment if File Downloads were enabled
in the Security Zone that the e-mail was opened in. However, File
Downloads are enabled in all zones by default.
-----------

>Well, even though a lot of people give Netscape alot of flak, when was the
>last time you heard an exploit this bad for Netscape?

>Matthew Gardiner

>> This really does sound bad, even by Microsoft's own admission.
>> If you run an email client that renders messages with
>> MSIE 5.01 or 5.5, anyone in the world can run any
>> program they like on your system, simply by sending you an
>> email. You don't need to open any attachment or OK
>> anything. Just click on the email and your system is toast,
>> even if you only clicked on it to delete it.

>> Exploitation of this vulnerability could easily give real teeth to
>> the next melissa - type virus (of which there have already been
>> several in the past year).

>> The "Security Bulletin" (bug report) plainly states that this bug
>> allows the attacker to "run code of attacker's choice"
>> (arbitrary code). At least Microsoft was politically correct
>> enough to consistently refer to the attacker as female.

>> > Hi all,

>> > I think this tops the buffer overflow in Outlook/Outlook Express where
>> > arbitrary code can be run on an unpatched Windows machine just by
>> > sending someone a plain text email.

>> <snip>
>> > Check it out:
>> > http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

>> <snip>

by **Matthew Gardine** » Tue, 17 Apr 2001 18:31:28

<snype>

True, and question two is, "How many newbies reconfigure their security
settings once they get their computer?", answer, * all.

Matthew Gardiner

--
I am the resident BOFH (Bastard Operator From Hell)

If you don't like it, you can go [# rm -rf /home/luser] yourself

Running SuSE Linux 7.1

The best of German engineering, now in software form

Very Computer

So IE5/Outlook/Outlook Express will all execute attachments

So IE5/Outlook/Outlook Express will all execute attachments

So IE5/Outlook/Outlook Express will all execute attachments

So IE5/Outlook/Outlook Express will all execute attachments

So IE5/Outlook/Outlook Express will all execute attachments

So IE5/Outlook/Outlook Express will all execute attachments