SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Microsoft Outlook Vendors:   Microsoft
Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
SecurityTracker Alert ID:  1002356
SecurityTracker URL:  http://securitytracker.com/id/1002356
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 8 2001
Impact:   User access via local system
Exploit Included:  Yes  

Description:   A vulnerability was reported in Microsoft Outlook 2000 in the Animated Assistant feature. The feature prevents the activation of the screen saver, allowing physically local users to access the system when the system is unattended for a period of time.

It is reported that there is a problem in the Windows operating system inactivity mechanism when Outlook 2000's Animated Assistant is enabled.

Impact:   A physically local user can gain access to the system when it is unattended.
Solution:   No vendor solution was available at the time of this entry.

As a workaround, the report recommends locking the workstation manually via: CTRL-ALT-DEL and clicking on 'Lock.'

Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  [NT] Outlook2000 Animated Assistant & Password Protected Screen Saver Vulnerability


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -



  Outlook2000 Animated Assistant & Password Protected Screen Saver 
Vulnerability
------------------------------------------------------------------------


SUMMARY

Outlook 2000 includes a feature called Animated Assistant. This feature 
prevents the activation of the screen saver whenever animated assistant is 
active. This exposes a security vulnerability, since the security policy 
of locking the workstation doesn't affect those workstations that have the 
animated assistant feature enabled.

DETAILS

A problem in the way that the inactivity mechanism used in the Windows 
operating system incorrectly detects the user inactivity period whenever 
Outlook 2000's Animated Assistant is enabled. This causes it not to 
activate the screen saver, resulting in the desktop not getting 
automatically locked.

Workaround:
Lock the workstation manually via: CTRL-ALT-DEL and click on Lock.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:AUpadhyay@OHIOSAVINGS.COM> 
Upadhyay, Anand.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business
 profits or special damages. 







 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC