Exchange & Outlook client extensions problem

Summary
Description: Anyone can register "extensions" to Exchange Client or Outlook which cause evil things to happen for various events. Typical idiotic Microsoft bug.
Author: Martin Stanek <stanek@DCS.FMPH.UNIBA.SK>
Compromise: Steal mail, cause users to run malicious code, etc.
Vulnerable Systems: Microsoft systems where multiple users run Outlook or Exchange client
Date: 9 November 1997
Details


Date: Sun, 9 Nov 1997 12:30:50 +0100
From: Martin Stanek <stanek@DCS.FMPH.UNIBA.SK>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Is this a security bug or feature?

I don't know whether this is an old "issue" or a new one.
Almost everywhere, people are using Exchange Client
or Outlook to manage their e-mail messages.
It is possible for everybody to add an extension to this
program. Extensions are called in various contexts:
  sending, receiving or viewing messages,
  beginning of the session, etc...
Once registered, it's valid (active) for everyone
who uses Outlook or Exchange Client on the affected
computer. The extension is not limited only to e-mail
specific tasks - but it can do everything it
wants - and: with the permissions of the current user.

Extensions are registered in Registry in subkey
HKLM\SOFTWARE\Microsoft\Exchange\Client\Extensions\

This key has Special Access for Everyone:
        Query value
        Set value
        Create Subkey
        Enumerate Subkeys
        Notify
        Delete
        Read Control

Possible scenarios are left for your imagination...

Experimental source code for "stealing" e-mail messages
is available on request.

Martin Stanek
stanek@dcs.fmph.uniba.sk
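
A defender's check for the condition described in the message above, as an added example that is not part of the original post: it parses a key's DACL in SDDL form (for instance the `Sddl` property returned by PowerShell's `Get-Acl`) and reports write-type rights granted to broad groups. Both SDDL strings are constructed samples; only the Everyone rights in the first come from the post, and the owner, Administrators and SYSTEM entries are assumptions.

```python
import re

# Access-mask bits for registry keys (winnt.h values).
RIGHTS = {"Query Value": 0x1, "Set Value": 0x2, "Create Subkey": 0x4,
          "Enumerate Subkeys": 0x8, "Notify": 0x10, "Create Link": 0x20,
          "Delete": 0x10000, "Read Control": 0x20000,
          "Write DAC": 0x40000, "Write Owner": 0x80000}
# Rights that allow adding or changing an extension entry, or re-permissioning the key.
DANGEROUS = ("Set Value", "Create Subkey", "Create Link", "Delete",
             "Write DAC", "Write Owner")
# SDDL rights mnemonics; CC..WP are the generic SDDL names for bits 0x1..0x20.
SDDL_RIGHTS = {"KA": 0xF003F, "KR": 0x20019, "KW": 0x20006, "KX": 0x20019,
               "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
               "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000}
# Principals that cover every (or nearly every) local user.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "BU": "Users", "IU": "Interactive"}

def parse_mask(rights):
    """Turn an SDDL rights field (hex or two-letter mnemonics) into a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= SDDL_RIGHTS[code]  # KeyError on an unknown mnemonic: fail loudly
    return mask

def audit_dacl(sddl):
    """Return {principal: [dangerous rights]} for allow ACEs held by broad groups."""
    dacl = re.search(r"D:(.*?)(?:S:|$)", sddl).group(1)
    granted = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        if ace_type == "A" and sid in BROAD:  # deny and audit ACEs are not evaluated
            granted[BROAD[sid]] = granted.get(BROAD[sid], 0) | parse_mask(rights)
    findings = {}
    for who, mask in granted.items():
        hits = [name for name in DANGEROUS if mask & RIGHTS[name]]
        if hits:
            findings[who] = hits
    return findings

# Constructed samples: Everyone with the rights listed in the post, then read-only.
AS_POSTED = "O:BAG:SYD:(A;CI;CCDCLCSWRPSDRC;;;WD)(A;CI;KA;;;BA)(A;CI;KA;;;SY)"
READ_ONLY = "O:BAG:SYD:(A;CI;KR;;;WD)(A;CI;KA;;;BA)(A;CI;KA;;;SY)"

if __name__ == "__main__":
    for label, sddl in (("as posted", AS_POSTED), ("read-only", READ_ONLY)):
        print(label, audit_dacl(sddl) or "no broad write access")
```

Deny ACEs are ignored, so a result here means "review this key", and an empty result on a key with deny entries still deserves a look at the effective permissions.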

This page is part of Fyodor's exploit world.