[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Vulnerability in vCard import in Outlook 2000

Title: Vulnerability in vCard import in Outlook 2000
Released by:
Date: 30th August 2000
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



Vulnerability in vCard import in Outlook 2000

Released: August 30, 2000



Summary

=======



Under certain conditions, excessively long or malformed fields in a

vCard (.vcf) file can  cause Microsoft Outlook 2000 to either

overflow or excessively utilize system resources.





Background

==========



The specifications regarding vCard MIME types and field contents can

be found in RFCs 2425  and 2426.



Although RFC 2426 section 2.6 specifically requires lines longer than

75 characters to be  folded as defined in [MIME-DIR], it appears

Outlook does not support line folding, and will  attempt to import

any field in the file as one value, even if it is several pages long

or  (in one case) overflows a data field within Outlook.



The effect this unlimited import attempt has on Outlook 2000 varies

between field types.  Some fields will cause Outlook to consume

nearly all CPU time, and certain others  (especially date/revision

fields and e-mail fields) will cause Outlook to terminiate

immediately due to an overflow.





Severity

========



Outlook 2000 does not attempt to open and import a .vcf file that a

user receives via e-mail  without prompting the user first. However,

vCard files are extremely common, and many users  have trained

themselves to ignore the warning dialog box.



Outlook does, however, open a vCard file with no questions asked if

the user saves it to a  directory and double-clicks it from Windows

Explorer. In this situation, the vCard is  processed directly with no

warning or status messages displayed to the user.





Affected Configurations

=======================



Microsoft Outlook 2000 was the only platform tested (on Windows NT

4.0 Workstation,

Service Pack 6a+hotfixes).



Affected fields in vCard file causing an overflow:



- - email:

- - bday; value=date (as low as 52 characters of form YYYY-MM-D(60)



Affected fields in vCard file causing excessive CPU utilization:



- - name:

- - nickname:

- - fn:

- - title:

- - title;language=de;value=text:

- - tel:

- - tel;






(C) 1999-2000 All rights reserved.