Информационная безопасность
[RU] switch to English


Дополнительная информация

  Проблема с адресной книгой в Outlook Express (address book vulnerability)

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:2 июня 2001 г.
Subject:SECURITY.NNOV: Outlook Express address book vulnerability

Issue                   :  Outlook  Express  address  book allows
                          messages to be intercepted by 3rd party
Date Released           :  16 March 2001
Vendor Notified         :  16 March 2001
Author                  :  3APA3A <[email protected]>
Affected                :  Outlook Exress 5.5SP1 and prior
Discovered              :  18 December 2000 by 3APA3A
Remotely Exploitable    :  Yes
Vendor URL              :  http://www.microsoft.com
SECURITY.NNOV advisories:  http://www.security.nnov.ru/advisories

Description:

It's possible for remote user to cause messages written for one e-mail
address to be delivered to another e-mail address.

Details:

Outlook  Express has option "Automatically put people I reply to in my
address  book".  Then  enabled,  this  option  causes  Outlook to make
automatically  new  address  book  entries  mapping  NAME  of received
message  to  e-mail  ADDRESS. Then message is composed Outlook Express
checks address book for NAME and sets complete e-mail ADDRESS instead.

Exploitation:

Situation:  2  good  users  G1  and  G2 with addresses [email protected] and
[email protected]  and  one  bad  user B, [email protected] Imagine B wants to get
messages G1 sends to G2. Scenario:

1. B composes message with headers:

From: "[email protected]" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
To: G1 <[email protected]>
Subject: how to catch you on Friday?

and sends it to [email protected]

2.  G1  receives  mail, which looks absolutely like mail received from
[email protected]  and replies it. Reply will be received by B. In this case
new  entry  is  created in address book pointing NAME "[email protected]" to
ADDRESS [email protected]

3.  Now,  if  while  composing  new  message  G1 directly types e-mail
address  [email protected]  instead  of  G2, Outlook will compose address as
"[email protected]" <[email protected]> and message will be received by B.

Workaround:

Disable  "Automatically  put  people  I  reply to in my address  book"
option.


Vendor:

Microsoft was contacted, accepted problem and replied it's impossible
to fix it until next IE 5.5 SP.

Solution:

No yet.

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород