[Esa-l] Outlook 2003 exploit via MS-TNEF (Rich Text)
John D. Hardin
jhardin at impsec.org
Fri May 21 06:14:52 PDT 2004
On Wed, 19 May 2004, Joe Steele wrote:
> On Wednesday, May 19, 2004 11:18 AM, Smart,Dan wrote:
>
> > John:
> > Do you have a suggestion on how to handle this new Outlook 2003
> > vulnerability? See:
> >
> > http://secunia.com/advisories/11629/
>
> I had wondered about this myself when it appeared on bugtraq a couple
> days ago:
>
> http://www.securityfocus.com/archive/1/363596
The attack vector for this is a specially-constructed Microsoft
Outlook Rich Text format MS-TNEF attachment. To defend against this
attack, define $SECURITY_STRIP_MSTNEF in your sanitizer configuration.
It is recommended that you define $SECURITY_STRIP_MSTNEF and contact
your correspondents to recommend that they should NOT use Outlook Rich
Text format as their mail format. If they feel they must send emails
with multiple fonts and colors and other eye candy, they should use
HTML format.
Microsoft has recommended for years that Outlook Rich Text format
should not be used in Internet email, and that TNEF attachments are
only suitable for local network email.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Bush? Kerry? I'm so sick of our elections always being "choose the
lesser of two evils."
-----------------------------------------------------------------------
165 days until the Presidential Election
More information about the esa-l
mailing list