[ale] OT: M$ email DoS

Bob bob at cavu.com
Fri Jun 9 12:40:29 EDT 2000 

This is too good to pass up...

Bob Toxen
bob at cavu.com
http://www.cavu.com
Fly-By-Day Consulting, Inc.       "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX software consulting since 1990.
No Microsoft programs were used in the creation or distribution of this
message.
------------- Forwarded email ----------------
From: Matthew J. Brown [mailto:mb at SKYPOINT.COM] 
To: ale at ale.org
Sent: Monday, June 05, 2000 11:01 AM
Subject: Microsoft Outlook (Express) bug..

Hello.

Recently we've been receiving calls from customers not being able to check
their e-mail because Outlook/Outlook Express says to check their "Memory
and Diskspace" (or something along those lines..).  I began looking at
their /var/mail/ mailbox, and I noticed a similarity with all of
them.  They had receieved some spam which had left the "BCC:" and
"Reply-to:" headers blank.  So I attempted to reproduce the error, and it
worked.  Outlook Express wouldn't retreive any e-mail, if there was an
e-mail that had those two feilds blank!  I couldn't believe it.

I attempted to contact Microsoft early last week, but received no reply.  I
haven't had much of a chance to test versions or anything as of yet, so
feel free.  It would certainly be unfortunate if someone were to write a
program that would generate an e-mail like this, and do some mass
mailing.. ;-)

This may have already been mentioned, if so, disregard this e-mail.

Maybe now that the public is aware of this, Microsoft will get their act
together (yeah, right..) and patch this.  It seems rediculous that leaving
those headers would cause any problem.. but it does.

Have fun.  :-)

Matthew J. Brown
Skypoint Network Technician
mb at skypoint.com
----------- but wait, there's more --------------
Date: Fri, 9 Jun 2000 11:26:15 -0500 (CDT)
From: "Matthew J. Brown" <mb at skypoint.com>
To: ale at ale.org
cc: moshaughnessy at quarrytech.com
Subject: Re:  Microsoft Outlook (Express) bug..

Hehe.  They e-mailed me last night asking me for information inregards to
the bug..  I've found out that Exchange may also be vulnerable, but I
don't have any Exchange servers laying around to test it on.  Bummer,
eh? :-)

Matthew J. Brown
Skypoint Network Technician
mb at skypoint.com

On Fri, 9 Jun 2000, Bob wrote:

> Thanks for causing me to laugh out loud at their incompetence!
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list