Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Outlook Express S/MIME buffer voerflow

  Outlook Express Remote Code Execution in Preview Pane (S/MIME)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:11.10.2002
Subject:Security Bulletin MS02-058: Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)

- ----------------------------------------------------------------------
Title:      Unchecked Buffer in Outlook Express S/MIME Parsing
           Could Enable System Compromise (Q328676)
Date:       10 October 2002
Software:   Outlook Express
Impact:     Run code of attacker's choice.
Max Risk:   Critical
Bulletin:   MS02-058

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-058.asp.
- ----------------------------------------------------------------------

Issue:
======
To allow for verification of the authenticity of mail messages,
Microsoft Outlook Express supports digital signing of
messages through S/MIME. A buffer overrun vulnerability lies in the
code that generates the warning message when a particular
error condition associated with digital signatures occurs.

By creating a digitally signed email and editing it to introduce
specific data, then sending it to another user, an attacker
could cause either of two effects to occur if the recipient opened or
previewed it. In the less serious case, the attacker
could cause the mail client to fail. If this happened, the recipient
could resume normal operation by restarting the mail
client and deleting the offending mail. In the more serious case, the
attacker could cause the mail client to run code of
their choice on the user's machine. Such code could take any desired
action, limited only by the permissions of the recipient
on the machine.

This vulnerability could only affect messages that are signed using
S/MIME and sent to an Outlook Express user. Users of
Microsoft Outlook products are not affected by this vulnerability.

Mitigating Factors:
====================
- Microsoft Outlook is not affected by this vulnerability.
- Outlook Express runs in the context of the user. Exploiting this
  vulnerability would in the worst case scenario allow an attacker
  to run arbitrary code in the context of the users' privileges
  only. Any restrictions on the users' account would apply to
  the attackers code.

Risk Rating:
============
- Internet systems: Low
- Intranet systems: Low
- Client systems: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- Noam Rathaus of Beyond Security Ltd.
(http://www.beyondsecurity.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR
SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod