Microsoft Security Advisory MS02-058 - A vulnerability in S/MIME parsing allows Outlook Express to run code of the attackers choice. While creating a digitally signed email and editing it to introduce specific data, then sending it to another user, an attacker can exploit the bug.
381fe6cc2a71e90f90c589641a28ff19abeb2a32a3f3964429f2b63358329863
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title: Unchecked Buffer in Outlook Express S/MIME Parsing
Could Enable System Compromise (Q328676)
Date: 10 October 2002
Software: Outlook Express
Impact: Run code of attacker's choice.
Max Risk: Critical
Bulletin: MS02-058
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-058.asp.
- ----------------------------------------------------------------------
Issue:
======
To allow for verification of the authenticity of mail messages,
Microsoft Outlook Express supports digital signing of
messages through S/MIME. A buffer overrun vulnerability lies in the
code that generates the warning message when a particular
error condition associated with digital signatures occurs.
By creating a digitally signed email and editing it to introduce
specific data, then sending it to another user, an attacker
could cause either of two effects to occur if the recipient opened or
previewed it. In the less serious case, the attacker
could cause the mail client to fail. If this happened, the recipient
could resume normal operation by restarting the mail
client and deleting the offending mail. In the more serious case, the
attacker could cause the mail client to run code of
their choice on the user's machine. Such code could take any desired
action, limited only by the permissions of the recipient
on the machine.
This vulnerability could only affect messages that are signed using
S/MIME and sent to an Outlook Express user. Users of
Microsoft Outlook products are not affected by this vulnerability.
Mitigating Factors:
====================
- Microsoft Outlook is not affected by this vulnerability.
- Outlook Express runs in the context of the user. Exploiting this
vulnerability would in the worst case scenario allow an attacker
to run arbitrary code in the context of the users' privileges
only. Any restrictions on the users' account would apply to
the attackers code.
Risk Rating:
============
- Internet systems: Low
- Intranet systems: Low
- Client systems: Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Noam Rathaus of Beyond Security Ltd.
(http://www.beyondsecurity.com)
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR
SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPaW7TI0ZSRQxA/UrAQFi0Af/eL4Fozaqs5tzr8NX7ssq3Ywm0Uu207Ty
porTd5O0F2biSp1K2cl2rMwPUOeafFe3Ei95FSsA8HGmxfA3IEpak34mTIgZQ9FE
mEGyEiu6BNc0UEgn25HL3wHN15aOf4pJnr2MggCs8tpSyhY9w5jTWwgAne870T9h
GGp0xJXxZN5LXdz2rgdQC8OpiFXs/wb221VNtg8T6emXCfOqIp7RhHowHxTEqcp6
Ypot7OarDpaL+fGDrB5xEMMd/tag2z8CiZaNhRqZC0l93UpFvhK6oOfjhmtwhiz1
v6QkFAa8Gg31/Kf3XTyi808FC8qPvK9NjHvrDbJD5URo/N6RLE7CgQ==
=5pFL
-----END PGP SIGNATURE-----