When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Outlook will see non-existing attachments

Thanks me101 who mailed me the following Bugtraq report:

Problem

Outlook Interprets Carriage Returns 0x0d or <CR> as Carriage Return/Line Feed combinations 0x0d 0x0a or <CRLF> in Message Headers

Versions affected

Outlook Express 5.5 with Windows 95 and Outlook Express 6.0 on Windows 2000 confirmed; other versions of Outlook and Outlook Express are suspected. Outlook Express on Macintosh seems unaffected (tested version 5.02). No definite status on other MUA's here. I found no vulnerable versions, but as I did not do extensive testing, it seems rather unwise to mention a couple of brands and yell "probably not affected".

Symptoms

When you use Outlook, you may receive a message in which headers are incorrectly interpreted as message data.

Status

I sent this to Microsoft a couple of times. There has been no reply - not even an acknowledgement. I sent it on January, 31, through a bug report form on the Microsoft site. Then called Microsoft on February, 4, and sent the bug report to mcchol@microsoft.com as they requested; then used secure@microsoft.com on February, 7. I provided contact information, offered help, and asked them to reply ASAP. I received nothing, not even an acknowledgement.

In the mean time, I saw a discussion on the postfix-user mailinglist where some viruses played tricks with <CR>'s in the headers. So the problem is "in the wild".

View: in more detail @ Security Focus.com

Report a problem with article
Next Article

Neowin on The Register

Previous Article

FBI Says It's Monitoring Internet Vulnerability