Unchecked Buffer Security Patch

Unchecked Buffer Security Patch

Post by Rashied K. Sharrieff Al Be » Sun, 25 Feb 2001 02:43:02



I have seen a security alert regarding the unchecked buffer problem with Outlook
and OE.  It says that the potential for vCard attacks can be defeated by a
downloadable patch, but that the version of applicable patch depends upon the
version of IE that is being used.  I am using IE 5.0 and OE 5.0, neither of which
is mentioned; patch calls for 5.1 and 5.5; can I still use either of these, and
if not then am I still vulnerable to vCard attack?  Please help!
 
 
 

1. Removing Outlook Security Patch........ (X-Posted)

Dear reader,

At the office I administer an Internet Information Server. At this server
are a lot of tasks performed each day using the ATSVC.SYS Task Scheduler.

There are two important tasks which use the MAPISEND.EXE command.

Task one does the following:
1) Copy data files (.DBF) from a remote server to the IIS server.
2) Import the files into an Access Database using a Access application.
3) Create 2 distribution files.
4) Send the files to a group of persons which is maintained in Personal
Contacts. This is a group of persons.

Task two does the following:
1) Copy data files (.RTF) from a remote server to the IIS server.
2) Convert the files to .HTML files.
3) Copy the .RTF files to the ftp location and the .HTML to the www
location.
4) Send the .rtf files to a group of persons which is maintained in Personal
Contacts. This is a group of persons.

For both tasks everything works fine until step 4.

The services are scheduled using the /interactive switch. The ATSVC.SYS
service is configured as an DOMAIN user and works perfect. No problem with
rights, it did cost me some time to find out why it not worked but the fix
was by using the ATSVC.SYS instead of MTask.EXE (alway's nice to hack the
registry).

At step 4 of each task there is a messagebox displayed which asks if it is
ok to send the e-mail. This is feature in the Outlook Security patch.

I'm using Outlook 2000 SR1.2 at the server because i need the Distribution
list functionality (not supported in OL98).

When I press Yes (if I log in at the console) the E-mails are sended to the
lists of persons. But the problem is I don't want to log in because it has
to work without user intervention.

I don't have Outlook 2000 without the servicepack so I looked on the
internet en KB for a fix. I found a fix which tells me to replace 2 files
with the right version.

One file is found in the C:\Program Files\Microsoft Office\Office folder the
second in the C:\Program Files\Microsoft Office\Office\1033 folder. The two
.dll files are taken from Outlook 2000 SP1.

But when I replace the old ones I get error 26 in MAPISEND.

The Exchange 2000 servers are maintained by our central department and
installing the templates in combination with the outlook Administration
forms are not an issue. So I need an other workaround.

Wim-Bart van der Waals
MCP

--
                     \\\\////

---8<----------oOOOo----------oOOOo---------------
This message is transmitted by cable-wire into the
big dangerous world. It came from me.And my little
computer  system is  so  friendly  to translate my
fingermovements into  zeros and ones. To find some
more digital info  translated into  vision you can
visit my web-site at http://www.vanderwaals.net or


2. owa in spanish

3. That damned security patch

4. NDR for ex employees

5. Outlook 2000 Security Patch

6. Setting Up OWA

7. exchange2000 and iis5 security patch

8. How to send a public folder shortcut in a mail message?

9. Security Patch in Exchange Cluster

10. New Security Patch

11. exchange2000 and iis5 security patch

12. ---Services do not start after updating security patch

13. Security patch error (MS03-046/047)