[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Microsoft Outlook PST Exposure
- To: <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] Microsoft Outlook PST Exposure
- From: "Kaveh Mofidi" <Admin@SecureTarget.Net>
- Date: Sun, 31 Aug 2003 13:07:26 +0430
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1226" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash:
SHA1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Secure Target Network (Security Advisory August 31,
2003) <BR>Topic: Microsoft Outlook PST Exposure<BR>Discovery Date: August 28,
2003<BR>Link to Original Advisory: <A
href="http://securetarget.net/advisory.htm";>http://securetarget.net/advisory.htm</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Affected applications and platforms: <BR>All
versions of Outlook on any Windows platform</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Introduction: <BR>everyone work with .pst files,
storing and managing his/her Outlook<BR>Data transparently under Microsoft
Outlook. A default folder takes<BR>care of these data files at:
<BR>%windrive%\Documents and Settings\User Profile\Local<BR>Settings\Application
Data\Microsoft\outlook<BR>And all of your data may encrypt and maintain as
outlook.pst (or<BR>archive.pst when you just archive your old data).<BR>When you
add something to your outlook items (appointments &<BR>meetings, tasks,
notes, …), your data file probably increases in size<BR>but when you delete some
items (any size, large or small piece of<BR>data), the data do lost from your
eyes but usually, does not erase<BR>from .pst files.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Exploit: <BR>As you can probably see, this may
effect in a wide range of exposure<BR>attacks; no escalation of privileges or
any other system compromise<BR>directly happen. So, anybody with physical access
to your computer<BR>would be the reader of your Outlook Items (any task,
appointment and<BR>…) and any private information there.<BR>By the way, this may
lead to a worth situation, when you just restore<BR>a backed up copy of these
.pst files and try to recover your lost<BR>data, but there is something
different in backups, because you didn’t<BR>copy a refreshed one.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Workaround: <BR>the easiest way to work around this
vulnerability is physical<BR>security countermeasures but for your backups, try
to “compact” items<BR>before backing up:<BR>1. File?folder?properties of “your
desired folder with data<BR>files”?General tab?Advanced?Compact Now<BR>2.
File?Data File Management?settings?Compact Now</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Tested on: <BR>Outlook 2000 SP3 (9.0.0.6627) on
Windows 2000 SP4<BR>Outlook 2002 (10.2627.2625) on Windows XP Professional
SP1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Feedback: <BR>Kaveh Mofidi (<A
href="mailto:Admin@SecureTarget.Net";>Admin@SecureTarget.Net</A>) <BR>Secure
Target Network (Security Consulting Group) <BR><A
href="http://SECURETARGET.NET";>HTTP://SECURETARGET.NET</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP
8.0.2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial
size=2>iQA/AwUBP1Gzn2O1siv41icpEQJ1QgCg6pgz7WdkyQOfv/NHQHVmLzTTQMkAniWn<BR>xf+uy/vKBnuh7W3jnIV6xVsg<BR>=t/1h<BR>-----END
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>