Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Multiple Email Client


  • Please log in to reply
No replies to this topic

#1 Aditya

Aditya

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 May 2005 - 07:11 AM

iDEFENSE Security Advisory
I. BACKGROUND

Microsoft Outlook provides an integrated solution for managing and
organizing e-mail messages, schedules, tasks, notes, contacts, and
other
information. More information is available at

http://www.microsoft.com/outlook/

II. DESCRIPTION

Remote exploitation of an address spoofing vulnerability in various
Microsoft Corp. e-mail clients could allow attackers to social engineer
sensitive information from end users.

Microsoft Outlook and Microsoft Outlook Web Access (OWA) are widely
deployed collaboration clients in corporate networks. The vulnerability
specifically exists in message header parsing and allows an attacker to
spoof the "From" field that is displayed on the user's screen. Within
the SMTP header, when the From field contains multiple comma-separated
addresses, Outlook and OWA will only display the first address.
Consider
the following example header:

From: support@your.company, Phisher <phisher@attackers.domain>

Outlook and OWA will only display the address "support@your.company" as
the sender address.

III. ANALYSIS

While server-side e-mail spoofing is a known matter, this issue is
relevant as it exists within the client. Consider the following
example:
A corporate SMTP server is configured to drop all mail received from
the
external network claiming to be from an internal address. By exploiting
this issue, an attacker can bypass the imposed restrictions and
transmit
a message that appears to come from an internal user. This attack,
combined with social engineering, could potentially lead to further
compromise.

IV. DETECTION

Microsoft Outlook as distributed with Office XP and 2003 as well as
Outlook Web Access as distributed with Exchange 2003 have been
confirmed
as vulnerable. Prior versions are suspected to be affected as well.

Microsoft Outlook Express is not affected by this issue.

.::ASAP::.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users