:-----Original Message----- :From: [EMAIL PROTECTED] :[mailto:[EMAIL PROTECTED] On Behalf :Of Randall M :Sent: Sunday, April 10, 2005 7:43 PM :To: 'SecuriTeam'; full-disclosure@lists.grok.org.uk :Subject: [Full-disclosure] RE: [NT] Microsoft Multiple E-Mail :Client AddressSpoofing Vulnerability : : :Overall finding: No spoofing is of concern with POP3 account :or Exchange 2000 using Outlook 2003 since "reply" or "reply to :all" will only go to the spoof address (used for social :engineering) and not the default sender address (the one :attempting to use social engineering). Thus social engineering :attempts will not work. : <SNIP> ____________________________________
I would like to add though a concern. Even though a reply cannot lead to gaining inside information because the "replying" will only go to the spoofed address, a "Spoofing" of the sender can be used to encourage clicking on a link intended to be harmful. And as it was pointed out that care should be followed, if the email is viewed with preview pane it is not apparent that the sender spoofed his address. If my boss sends an email and says "I want you to read this" I usually don't question the "sender" or think it to be spoofed. This then brings in to question the rights of "Send on behalf" that seems to be by passed on Exchange Server. Thank You RandallM __________________________________________________________________- :-----Original Message----- :From: SecuriTeam [mailto:[EMAIL PROTECTED] :Sent: Sunday, April 10, 2005 10:50 AM :To: [EMAIL PROTECTED] :Subject: [NT] Microsoft Multiple E-Mail Client Address :Spoofing Vulnerability : <SNIP>----------------------- :--------- : : :SUMMARY : : <http://www.microsoft.com/outlook/> Microsoft Outlook :provides an integrated solution for managing and organizing :e-mail messages, schedules, tasks, notes, contacts, and other :information. Remote exploitation of an address spoofing :vulnerability in various Microsoft Corp. e-mail clients could :allow attackers to social engineer sensitive information from :end users. <SNIP> ______________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/