Bugtraq mailing list archives

Re: Microsoft Security Bulletin MS01-012


From: joelmoses () MINDSPRING COM
Date: Fri, 23 Feb 2001 16:30:26 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think it's worth noting that CVE#CAN-2000-0756 (a problem I
reported to both Bugtraq and Microsoft in August 2000) is a duplicate
of this particular bug, but also includes extra details about vCard
infotypes.

It's worth noting that the field exploited by @stake is the BDAY:
field, and the EMAIL: field is also potentially vulnerable. Several
other fields, including:

- - name:
- - nickname:
- - fn:
- - title:
- - title;language=de;value=text:
- - tel:
- - tel;<label>:
- - tel;<label>,<label>:

can also be used to drive OUTLOOK.EXE to utilize nearly all of the
CPU when given input beyond allocated buffer space.

I don't have the slightest idea why it took this long for the issue
to come to a patch resolution by Microsoft, other than to say their
ideas about disclosure don't necessarily match mine. And that's to
say nothing about @stake not crediting me... but that's water under
the bridge, now isn't it? :>

Joel Moses, CISSP
Nashville, TN

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1

iQA/AwUBOpbWbWqHKmLSRN7cEQLVRACfbjLKgLLFOaUMU0X5X2Y2y282LGMAoJMR
u4AA55iK70YNwOcxzrJgyo1S
=xEIj
-----END PGP SIGNATURE-----
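
A defensive pre-filter for the condition described in the message above, added here as an example and not code from the post, @stake or Microsoft: it unfolds vCard content lines and reports the properties named in the post whose values exceed a length limit. The 256-character limit and the function names are assumptions; the post gives no buffer size.

```python
# Property names as listed in the post (BDAY, EMAIL and the bulleted fields).
WATCHED = {"bday", "email", "name", "nickname", "fn", "title", "tel"}
MAX_VALUE_LEN = 256  # assumed policy limit, not a figure from the post


def unfold(text):
    """Join folded content lines: a line that starts with a space or tab
    continues the previous line, so length must be measured after joining."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def oversized_fields(vcard_text, limit=MAX_VALUE_LEN):
    """Return (property, parameters, value_length) for each watched property
    whose unfolded value is longer than `limit`."""
    hits = []
    for line in unfold(vcard_text):
        # Split at the first colon; a colon inside a quoted parameter would
        # only make the measured value longer, which errs on the safe side.
        head, sep, value = line.partition(":")
        if not sep:
            continue
        name, _, params = head.partition(";")
        name = name.rsplit(".", 1)[-1].strip().lower()  # drop "group." prefix
        if name in WATCHED and len(value) > limit:
            hits.append((name, params.lower(), len(value)))
    return hits


# Constructed sample card: normal FN and TEL, plus a BDAY value that is
# folded into ten 70-character lines (700 characters once unfolded).
SAMPLE = (
    "BEGIN:VCARD\r\nVERSION:2.1\r\nFN:Example Person\r\n"
    "TEL;WORK,VOICE:+1-555-0100\r\n"
    "BDAY:" + "\r\n ".join(["1" * 70] * 10) + "\r\n"
    "END:VCARD\r\n"
)

if __name__ == "__main__":
    for prop, params, length in oversized_fields(SAMPLE):
        print(f"oversized {prop.upper()} ({params or 'no parameters'}): {length} chars")
```

A per-line length check would miss the sample's BDAY value, since no single folded line is longer than 75 characters; the check only works after unfolding.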

