Re: VCard Security Hole under Outlook/Outlook Express

From: Stephen D. Williams (sdw@lig.net)
Date: Sun Feb 25 2001 - 08:42:27 PST


I never have used Outlook or Outlook Express and am amazed that anyone does
with all of the security problems and instability it has. I mostly use
Netscape Messenger along with my Linux/Imap server. Works very well. I'm
still longing for the perfect open source Web Email to Imap system to
install. Any suggestions?

MS clean (on my main laptop/workstation and all servers anyway, not counting
VMWare/Win98 for testing) for 3 years!

On a mildly anti-MS/pro-Linux for business aside:
Setting up my mother's office server as Linux/Samba server went very well,
even as I harnessed Win2000 Server in VMWare for the one application that was
truly client-server (and didn't have a Linux version quite ready). She has
1600+ clients for a tax/accounting business in Honolulu. Fun (sort of)
weekend project: hardware Raid1, 30GB tape, CDR (with pushbutton web interface
and a dedicated partition/samba config), firewall, Internet NAT, etc. etc. I
ssh/VNC to any of her computers to help her now, 6000 miles away... She had
had so many lost harddrives, locked up Windows computers, etc. that I couldn't
stand hearing about it anymore.

sdw

"Joseph S. Barrera III" wrote:

> It just goes on and on, doesn't it?
>
> > From: Megan Holbrook <meganwh@mediaone.net>
> > To: web405@southland.net
> > Subject: [Web405] VCard Security Hole
> >
> > Another Microsoft security issue for Outlook/Outlook Express users:
> >
> > "Security consultancy and researcher @Stake Inc. has discovered a
> > security flaw in Microsoft's ubiquitous Outlook and Outlook Express
> > e-mail applications.
> >
> > The vulnerability concerns the use of Outlook's vCards, or virtual
> > business cards, that can fall victim to a buffer overflow attack or
> > contain code that can attack a user's system. VCards can be created with
> > malicious code that can either cause Outlook to crash, or even allow the
> > e-mail application to run damaging code on a targeted victim's system.
> >
> > In Microsoft Security Bulletin MS01-012, posted Thursday, Microsoft
> > admitted that the flaw is potentially devastating. "
> >
> > More at http://www.techweb.com/wire/story/TWB20010223S0009

--
OptimaLogic - Finding Optimal Solutions     Web/Crypto/OO/Unix/Comm/Video/DBMS

sdw@lig.net Stephen D. Williams Senior Consultant/Architect http://sdw.st

43392 Wayside Cir,Ashburn,VA 20147-4622 703-724-0118W 703-995-0407Fax 5Jan1999



This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:18:29 PDT