Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: InfoSec Handlers Diary Blog - * Ani cursor exploits against Microsoft E-mail clients - CVE-2007-0038 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

* Ani cursor exploits against Microsoft E-mail clients - CVE-2007-0038

Published: 2007-03-30
Last Updated: 2007-03-30 21:38:53 UTC
by Swa Frantzen (Version: 2)
0 comment(s)

A short overview of how the different email clients (in the supported list of Microsoft) are reacting to the animated cursor vulnerability (CVE-2007-0038, previously also CVE-2007-1765) depending on the actions and settings of the email client.

The surprising element is that "read in plain text" mode makes some of the clients more vulnerable and actually only offers real added value -for this vulnerability- for Outlook 2003.

  Default Settings Read in
plain text mode
Reply/Forward with
"Read in Plain Text" set
Windows XP Outlook Express preview
Vulnerable(*) Vulnerable Vulnerable
Windows XP Outlook Express open Vulnerable(*) Vulnerable Vulnerable
Vista Mail preview Vulnerable   Vulnerable
Vista Mail open Vulnerable   Vulnerable
Outlook 2003 preview Vulnerable    
Outlook 2003 open Vulnerable    
Outlook 2007 preview      
Outlook 2007 open      

(*) It does interact with the user before being vulnerable, but we all know what typical users would do.

--
Swa Frantzen -- NET2S

Keywords:
0 comment(s)
Diary Archives