OUTLOOK 2003: OuchLook

Sunday, May 09, 2004

Outlook 2003, the premier mail client from the company 
called 'Microsoft', certainly appears to have a lot of security 
features built into it.  Cursory examination shows excellent 
thought into 'spam' containment, 'security' consideration and 
many other little 'things'.

However there is a fundamental flaw with this particular device. 
That is, it copies our arbitrary file with given name into a 
known and easily reachable location:

when embedded into the body of a mail message and when the 
recipient replies, will copy itself into temp folder:

C:\Documents and Settings\\Local Settings\Temp.htm

This location can be quite easily reached without having to know 
the user name [courtesy of jelmer]:\\temp\\malware.htm"> 

The scenario is 'painstakingly' trivial. Send your cohort at 
the office an email that requires a reply. Embed in it an HTML 
file, out of sight. Either send them a second message with any 
number of 'spoofed' URL schemes pointing to the file in the 
temp folder, or direct them to a web site which will reach into the 
temp folder via the same URL and install and run our malicious 

Very Silly Design Error.

End Call
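
A defender's triage check for the condition described above, as an added example that is not part of the original advisory: it lists HTML files sitting directly in a temp folder and flags those carrying active content. The function names, the tag list and the choice to scan only the top level of the folder are assumptions.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: these tags are what make a dropped HTML file worth a closer look.
ACTIVE_TAGS = re.compile(r"<\s*(script|object|iframe|embed|applet)\b", re.IGNORECASE)
HTML_SUFFIXES = {".htm", ".html"}


def decode_html(raw):
    """Decode bytes for scanning; UTF-16 files would hide tags from a byte search."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")  # lossless for any byte value


def audit_temp_html(temp_dir=None, read_limit=1_000_000):
    """Report HTML files stored directly in temp_dir (default: this user's temp)."""
    root = Path(temp_dir or tempfile.gettempdir())
    findings = []
    for entry in sorted(root.iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in HTML_SUFFIXES:
            continue
        try:
            with entry.open("rb") as handle:
                text = decode_html(handle.read(read_limit))
        except OSError:
            continue  # locked or unreadable file: skip rather than abort the audit
        tags = sorted({m.group(1).lower() for m in ACTIVE_TAGS.finditer(text)})
        findings.append({"name": entry.name, "active_tags": tags})
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for item in audit_temp_html(target):
        verdict = ",".join(item["active_tags"]) or "no active content"
        print(f'{item["name"]}: {verdict}')
```

Pass a user's temp folder path as the first argument to audit that folder instead of the current user's.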