SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Microsoft Outlook Express Vendors:   Microsoft
Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
SecurityTracker Alert ID:  1005489
SecurityTracker URL:  http://securitytracker.com/id/1005489
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 28 2002
Impact:   Disclosure of user information
Exploit Included:  Yes  
Version(s): 6.0
Description:   A potential information disclosure issue was reported in Microsoft Outlook Express. A local user may be able to obtain access to deleted e-mail messages.

Secure Target Network reported that Outlook Express (OE) may fail to remove e-mail messages from the underlying '.dbx' files used by OE to store messages.

The messages are reportedly stroed in various '.dbx' files in the following folder:

%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express

When the user selects "Empty messages from the 'Deleted Items' folder on exit", the messages reportedly remain in both the 'yourfolder.dbx' and 'Deleted Items.dbx' files.

Impact:   Outlook Express may fail to remove e-mail messages from local storage. A local user may be able to view the messages.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  OE DBX Exposure


Secure Target Network (Security Advisory October 27, 2002)

 

Topic: OE DBX Exposure

 

Discovery date: October 02, 2002

 

Affected applications and platforms:

All versions of Outlook Express on any Windows platform

 

Introduction:

You already worked with .dbx files, storing and managing your messages under OE. A default folder takes care of them:

%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express

All of your messages will give named by their folders and all folders are defined at Folders.dbx file.

When you delete your messages, they move on Deleted Items.dbx (Deleted Items folder), so when you exit from OE, they must gone but
 this isn't happening.

Even when you choose "Empty messages from the 'Deleted Items' folder on exit" they remain in both yourfolder.dbx and Deleted Items.dbx
 files.

 

Exploit:

As you can probably see, this may effect in a wide range of exposure attacks; no escalation of privileges or any other system compromise
 directly happen. So, anybody with physical access to your computer would be the reader of your email messages and any private information
 there.

 

Workaround:

Manipulating messages and folders containing them may change the way OE refresh its operations but also may lead to leaving more and
 more DBX files exposed. The only solution to this issue is to deleting the whole target folder.

 

Tested on:

Outlook Express 6.0.2600.0000 on Windows XP

Outlook Express 6.0.2600.0000 and 6.0.2800.1106 on Windows 2000 SP3

 

Feedback:

Kaveh Mofidi (Admin@SecureTarget.Net)

Secure Target Network (Security Consulting Group)

HTTP://SECURETARGET.NET

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC