1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unchecked Buffer in Outlook Express: Oct 10

Discussion in 'Web & Email' started by eddie5659, Oct 12, 2002.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,916
    Hiya

    To allow for verification of the authenticity of mail messages,
    Microsoft Outlook Express supports digital signing of
    messages through S/MIME. A buffer overrun vulnerability lies in the
    code that generates the warning message when a particular
    error condition associated with digital signatures occurs.

    By creating a digitally signed email and editing it to introduce
    specific data, then sending it to another user, an attacker
    could cause either of two effects to occur if the recipient opened or
    previewed it. In the less serious case, the attacker
    could cause the mail client to fail. If this happened, the recipient
    could resume normal operation by restarting the mail
    client and deleting the offending mail. In the more serious case, the
    attacker could cause the mail client to run code of
    their choice on the user's machine. Such code could take any desired
    action, limited only by the permissions of the recipient
    on the machine.

    This vulnerability could only affect messages that are signed using
    S/MIME and sent to an Outlook Express user. Users of
    Microsoft Outlook products are not affected by this vulnerability.

    Maximum Severity Rating: Critical

    Affected Software:

    Microsoft Outlook Express 6.0
    Microsoft Outlook Express 5.5


    Notes:
    The fix for this issue was included in Windows XP Service Pack 1, and in Internet Explorer 6.0 Service Pack 1.
    Microsoft Outlook is a different product than Microsoft Outlook Express, and is not affected by the vulnerability.



    Download locations for this patch

    Microsoft Outlook Express:


    http://www.microsoft.com/windows/ie/downloads/critical/q328676/default.asp


    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-058.asp

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unchecked Buffer Outlook
  1. Dkapiate
    Replies:
    2
    Views:
    277
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/99344

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice