[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Outlook denial of service
From:       "Nicholas W. Blasgen" <nblasgen () REFRACT ! COM>
Date:       1999-06-28 21:52:34
[Download RAW message or body]

I tested it with Outlook 2000 with Windows 98 and had no problem.

Nicholas Blasgen
Refract Media

"The hard part was figuring out how to destroy the
physical universe. But I think we've solved that."
  - Marcus Larry, 1999


> I've found a problem in qualcomm popper (and presumabley others) in that
it
> doesn't check for an existing X-UIDL: headers, but simpley uses it when
the
> client sends in a uidl request.  This problem can manifest itself as an
> effective denial of service attack against microsoft outlook clients
> because outlook looks for unique uidl's for each message and if there
are
> duplicates it will hang prior to downloading any mail.  I've put up a
small
> web site detailing the problem and some possible work arounds/fixes at
>
> http://getaclue.org/yoduh/outlook.html
>

[prev in list] [next in list] [prev in thread] [next in thread]