On 05 Jun 2001 09:02:07 -0400, Michael Leone wrote:
>
>
> > Hi,
> >
> > Right-click on their name in the headers. Their details will pop-up,
> > with "add to contacts" underneath.
>
> That's not automatic; that's manually adding. He wants all addresses he
> sends to/replies to added to the address book, with no user intervention.
> That's what Outlook Express does.
>
Considering the following message I just received on the bugtraq mailing
list, it might not be a good idea to automatically add contacts. That is,
unless we can prevent this sort of exploit.
John
On 05 Jun 2001 15:09:27 +0400, 3APA3A wrote:
> Hello bugtraq,
>
> sorry if this is already known - the bug is trivial.
>
> Issue : Outlook Express address book allows
> messages to be intercepted by 3rd party
> Date Released : 16 March 2001
> Vendor Notified : 16 March 2001
> Author : 3APA3A <[EMAIL PROTECTED]>
> Affected : Outlook Express 5.5SP1 and prior
> Discovered : 18 December 2000 by 3APA3A
> Remotely Exploitable : Yes
> Vendor URL : http://www.microsoft.com
> SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories
>
> Description:
>
> It's possible for a remote user to cause messages written for one e-mail
> address to be delivered to another e-mail address.
>
> Details:
>
> Outlook Express has an option "Automatically put people I reply to in my
> address book". When enabled, this option causes Outlook to
> automatically make new address book entries mapping the NAME of a received
> message to the e-mail ADDRESS. When a message is composed, Outlook Express
> checks the address book for NAME and sets the complete e-mail ADDRESS instead.
>
> Exploitation:
>
> Situation: 2 good users G1 and G2 with addresses [EMAIL PROTECTED] and
> [EMAIL PROTECTED] and one bad user B, [EMAIL PROTECTED] Imagine B wants to get
> messages G1 sends to G2. Scenario:
>
> 1. B composes message with headers:
>
> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Reply-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> To: G1 <[EMAIL PROTECTED]>
> Subject: how to catch you on Friday?
>
> and sends it to [EMAIL PROTECTED]
>
> 2. G1 receives mail, which looks absolutely like mail received from
> [EMAIL PROTECTED] and replies to it. The reply will be received by B. In this case
> a new entry is created in the address book pointing NAME "[EMAIL PROTECTED]" to
> ADDRESS [EMAIL PROTECTED]
>
> 3. Now, if while composing a new message G1 directly types the e-mail
> address [EMAIL PROTECTED] instead of G2, Outlook will compose the address as
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> and the message will be received by B.
>
> Workaround:
>
> Disable "Automatically put people I reply to in my address book"
> option.
>
>
> Vendor:
>
> Microsoft was contacted, accepted the problem and replied that it's impossible
> to fix it until the next IE 5.5 SP.
>
> Solution:
>
> Not yet.
>
>
> --
> http://www.security.nnov.ru
> /\_/\
> { . . } |\
> +--oQQo->{ ^ }<-----+ \
> | 3APA3A U 3APA3A }
> +-------------o66o--+ /
> |/
> You know my name - look up my number (The Beatles)
>
>
_______________________________________________
evolution maillist - [EMAIL PROTECTED]
http://lists.helixcode.com/mailman/listinfo/evolution
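The check a mail client could run before auto-adding a contact, as an added example that is not part of the original thread or of any mail client's code: it rejects a (name, address) pair when the display name itself contains an e-mail address different from the real one, which is the mapping the quoted advisory describes. The function names and the `.example` addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Matches an address-like token embedded in a display name.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def name_conflicts(display_name, address):
    """True when the display name contains an e-mail address that is
    not the address the message would actually be delivered to."""
    real = address.strip().lower()
    return any(tok.lower() != real for tok in ADDR_IN_NAME.findall(display_name))

def safe_contacts(raw_message):
    """Split the From/Reply-To (name, address) pairs of a message into
    those safe to auto-add and those to reject. Hypothetical helper."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Reply-To", [])
    accepted, rejected, seen = [], [], set()
    for pair in getaddresses(headers):
        name, addr = pair
        if not addr or pair in seen:
            continue
        seen.add(pair)
        (rejected if name_conflicts(name, addr) else accepted).append(pair)
    return accepted, rejected

# Constructed sample messages; all addresses are placeholders.
SPOOFED = (
    'From: "g2@good.example" <b@bad.example>\n'
    'Reply-To: "g2@good.example" <b@bad.example>\n'
    'To: G1 <g1@good.example>\n'
    'Subject: how to catch you on Friday?\n'
    '\n'
    'body\n'
)
BENIGN = (
    'From: "G2" <g2@good.example>\n'
    'To: G1 <g1@good.example>\n'
    'Subject: lunch\n'
    '\n'
    'body\n'
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("benign", BENIGN)):
        ok, bad = safe_contacts(raw)
        print(label, "add:", ok, "reject:", bad)
```

The comparison is case-insensitive, so a display name that merely repeats the sender's own address is still accepted.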