Theos-Talk Archives (August 1998 Message tl00082)

Excerpt of THEOS-L-DIGEST 1597:
The bug, identified by the Secure Programming Groupat Finland's Oulu
University, can be exploited by anattacker who sends you an e-mail message
with anattachment that has an extra-long filename. The longname can cause
Microsoft's Outlook 98 and Outlook Express mail programs, as well as
Netscape's Messenger mail program, to crash from a buffer overflow. After
that, your computer could be forced torun malicious code that's actually
contained right in that long filename.

I might draw your attention to the fact, that the same overflow occures in the
webbrowser wenn you put a very long URL in the bookmarks. Often you don't see
this long name in the status-bar. Those long names especially occure on sites
where you are persistant invited to mark these sites. Although some of these
sites mark themselves automaticly. Next time you try to validate your
bookmarks or try to reach that site by clicking on your mark, the browser will
have a crash down, but the internet-connection stays on. When you do allow
Active-X or JAVA somebody can work around on your PC during that time and you
would'nt notice. As by the e-mail-bug its impossible to check out before,
because whenever you activate the file with the long name you activate the
code. The only remedy is to check your bookmarks and to clean them. There
seems to be no way for a patch-up. 

"Bits and Bytes Crash" from Johannes.