Vulnerability Development: Local Overflow Vulnerability in MS Outlook 2000....right or wrong, donno :-)

From: dgr8hunt <dhruv_ymca_at_yahoo.com>
Date: Tue, 7 Jun 2005 06:21:49 -0700 (PDT)

heya,
Last night I thought to play a bit with Outlook. So started flooding the To: field in Outlook 2000. It can take up to a max of 62000 alphabets as input, and when I tried only with around 30000 alphabets it was crashing the box. I thought it was some machine-specific problem so tried the same mechanism on different OS (XP, 2000) running with MS Outlook 2000 on different machines and every time it depicted the same behaviour....ha! machine froze!

Though couldn't spend much time on this, but if it's really some sort of overflow attack then it may be used for privilege escalation kind of stuff. I am not even sure what the hell it was and how it was happening. I tried to play with ollydbg and reading dmp/sysdata.xml file of Windows when crash happened but couldn't move ahead for further analysis or to write POC....

If anyone else has patience and time then grab the bait and the vulnerability is all yours :) and do send me POC :)....lol...

N'Joy

-Dhruv

Received on Jun 10 2005
