Microsoft’s Outlook Bug Exposes Internet
A newly discovered vulnerability in Microsoft's Outlook and Outlook Express programs leave thousands of computers open to attack from malicious email, and puts the lie to the conventional wisdom that you can't get a computer virus if you don't open
The bug, which is known to affect Windows 95, 98 and NT, is a classic "buffer overflow" error in the section of Outlook that passes the Date field of each incoming email. By padding the date with a long string of characters, an attacker can escape from the area of memory reserved for storing it, and into a section that executes instructions. From there, the attacker's email could secretly infect a victim computer with a "back door" program like Back Orifice, or instruct it to send the offending email back out to the net like the LoveLetter virus.
Aaron Drew discovered the vulnerability, and posted the details to the Bugtraq mailing list on Tuesday, along with code that ostensibly demonstrates the bug. MSNBC reports that the hole was also discovered over a month ago by researchers at USSR Labs, which also boasts working exploit code. Both the news service and the security group kept it a secret while awaiting a Microsoft fix.
Please feel free to email us - firstname.lastname@example.org
Images and content are copyright to Cipher-IT Ltd
Site designed by Cipher-IT Ltd