[MOL] email alert [13499] Medicine On Line


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MOL] email alert



This information came to me through The Chronicle of Higher Education.
For the full article, and links to Microsoft and Netscape, go to the
following site, sponsored by the U.S. Dept. of Energy, Computer Incident
Advisory Capability. Hope this info is helpful...Joicy

http://www.ciac.org/ciac/bulletins/i-077a.shtml

INFORMATION BULLETIN 

I-077A: Mime Name Vulnerability in Outlook and
Messenger

July 28, 1998 00:00 GMT 


PROBLEM:       A buffer overflow vulnerability has been identified in 
               Microsoft Outlook, Outlook Express, and Netscape Messenger

               (Mail) that allows an e-mail or news message to contain 
               malicious code in a mime header. That code is executed
when the 
               header is processed by the e-mail/news reader. All of
these 
               e-mail/news readers are widely distributed with popular 
               packages such as Internet Explorer, Windows 98, Windows
97, 
               Office 97, and Netscape Communicator. 
PLATFORM:      Any platform that runs the vulnerable e-mail/news readers:

               Windows 95, Windows 98, Windows NT, Macintosh and Solaris.

DAMAGE:        If exploited, this vulnerability allows a remote user to
run 
               arbitrary code on a users machine with the user's
privileges. 
               The remotely executed code could do anything from sending 
               thousands of e-mails in the user's name to formatting the
hard 
               drive. 
SOLUTION:      Apply patches from Microsoft and Netscape. 

VULNERABILITY  Risk is high. While we have not yet heard of anyone
exploiting 
ASSESSMENT:    this vulnerability for malicious purposes, the ease with
which 
               it can be exploited, the wide distribution of vulnerable 
               readers, and the potential for damage makes it a very
serious 
               problem. 
------------------------------------------------------------------------
This is an automatically-generated notice.  If you'd like to be removed
from the mailing list, please visit the Medicine-On-Line Discussion Forum
at <http://www.meds.com/con_faq.html>, or send an email message to:
majordomo@lists.meds.com
with the subject line blank and the body of the message containing the line:
unsubscribe mol-cancer your-email-address
where the phrase your-email-address is replaced with your actual email
address.
------------------------------------------------------------------------