> From: "Nick FitzGerald" <[EMAIL PROTECTED]> > "Gregh" <[EMAIL PROTECTED]> wrote: > > I believe an exploit cropped up within the last 12 months or so for OE > > (version unknown) where the user has preview pane OFF and receives an email > > that he doesn't actually double click on to open. However, in deleting it, > > the user either web bugs himself or puts some sort of exploit in. > > There was an exploitable buffer overflow in a date handling routine in > some .DLL (MSHTML.DLL ???) that OE used for its date functions. > > I have a feeling that was closer to two years ago, but have not > bothered to search the archives to check...
It was almost 4 years ago, roughly 3� to be exact, on July 18 2000. "Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability" http://www.securityfocus.com/bid/1481 Details in original post: http://www.securityfocus.com/archive/1/70543 You just had to download the email to be exploited. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com [EMAIL PROTECTED] Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
