MS02-058: Unchecked Buffer in Outlook Express S/MIME Parsing Could Ena


Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------

Title: Unchecked Buffer in Outlook Express S/MIME Parsing

Could Enable System Compromise (Q328676)

Date: 10 October 2002

Software: Outlook Express

Impact: Run code of attacker's choice.

Max Risk: Critical

Bulletin: MS02-058

Microsoft encourages customers to review the Security Bulletin at:

http://www.microsoft.com/technet/security/...in/MS02-058.asp.

- ----------------------------------------------------------------------

Issue:

======

To allow for verification of the authenticity of mail messages,

Microsoft Outlook Express supports digital signing of

messages through S/MIME. A buffer overrun vulnerability lies in the

code that generates the warning message when a particular

error condition associated with digital signatures occurs.

By creating a digitally signed email and editing it to introduce

specific data, then sending it to another user, an attacker

could cause either of two effects to occur if the recipient opened or

previewed it. In the less serious case, the attacker

could cause the mail client to fail. If this happened, the recipient

could resume normal operation by restarting the mail

client and deleting the offending mail. In the more serious case, the

attacker could cause the mail client to run code of

their choice on the user's machine. Such code could take any desired

action, limited only by the permissions of the recipient

on the machine.

This vulnerability could only affect messages that are signed using

S/MIME and sent to an Outlook Express user. Users of

Microsoft Outlook products are not affected by this vulnerability.

Mitigating Factors:

====================

- Microsoft Outlook is not affected by this vulnerability.

- Outlook Express runs in the context of the user. Exploiting this

vulnerability would in the worst case scenario allow an attacker

to run arbitrary code in the context of the users' privileges

only. Any restrictions on the users' account would apply to

the attackers code.

Risk Rating:

============

- Internet systems: Low

- Intranet systems: Low

- Client systems: Critical

Patch Availability:

===================

- A patch is available to fix this vulnerability. Please read the

Security Bulletin at

http://www.microsoft.com/technet/security/...in/ms02-058.asp

for information on obtaining this patch.

Acknowledgment:

===============

- Noam Rathaus of Beyond Security Ltd.

(http://www.beyondsecurity.com)

- ---------------------------------------------------------------------

More Information Has Been Posted Here....

https://www.neowin.net/comments.php?id=6834...4&category=main

[Thread Locked]

-xStainDx

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.