newsbug.txt

29 Feb 2000 | Reported by Sugien | Type: packetstorm | Source: packetstormsecurity.com

A web page triggers Outlook to create fake newsgroup entries and can cause crashes; no fix is available.

Code
`  
------=_NextPart_000_0153_01BF7FF9.87FC33E0  
Content-Type: text/plain;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
I created my NewsBug approximately 2-3 months ago but never did  
anything further with it as I have a lot of other projects I am working  
on. I reported this to MS on Feb 17 while attending the W2K launch; but  
haven't heard anything from them since. Basically what it is: a web  
page or an email that when viewed in Outlook (all versions 4.0 and up)  
and Netscape (all versions 4.0 and up) that have been set up and are the  
default email and news reader, with JavaScript and HTML view enabled.  
When the web page is viewed it opens up OE or NS and starts making bogus  
news group file entries; it doesn't subscribe to them because they don't  
exist, but it forces the user to manually delete them. To view a POC go  
to: http://www.zoomnet.net/~quick/error/newsbug.html  
  
During testing, approximately 50% of the time OE would crash before it  
can be stopped, and when OE is opened back up, instead of it coming up  
and saying OE wasn't shut down properly and the page is not being shown  
because of possible security concerns, that doesn't come up; but instead when  
OE is rebooted it comes back up and starts making them all over again,  
well that is if they have it set with the preview pane option enabled  
and the order of the messages is to show the newest one at the bottom.  
  
For it to work in email it requires an additional file and if you wish  
to see a poc of it used in email then send me an email authorizing me to  
send it to you; because I am not in the habit of sending unsolicited  
malicious code through email.  
  
Fix: NO known fix  
Work around: Disable JavaScript  
  
This next one, I am not sure if it is already known or not, it is  
sort of like Georgi Guninski's word pad code execution but it uses a  
.shs (scrap file). It is possible to create a .shs file that contains  
executable code then when run outside of word, will execute the code  
without opening word. I only mention it because a lot of casual users  
are not familiar with the file extension and might run it because the  
icon looks like a text file. This link  
http://www.zoomnet.net/~quick/test/test.shs  
is to a file that when run will format the A:\ drive. It was created by  
making an .exe in VB5 pro that does the format, compiling the file into  
an .exe file then right clicking the .exe file and choosing copy and  
then opening Word 2K, and right clicking in the document body and  
selecting paste, then saving the word document and then closing word,  
opening word back up and right clicking on the .exe file and selecting  
copy, then closing word, right clicking on the desktop and choosing  
paste; the resulting file is a text scrap test.shs, and if test.shs is  
opened up it formats the A:\ drive without opening up word. If they are  
set for double click then double clicking test.shs will format the A:\  
drive and the same if they are set for single click.  
  
This is the first time I have contacted you. I received a link to  
your page from a friend and they said I should email you and tell you  
about these and other stuff I have created. I am NOT a hacker or  
anything like that, I am however an avid computer enthusiast. I am  
disabled and almost house bound, and in a lot of physical pain. In  
order to take my mind off the pain (which the morphine the doctors give  
me doesn't do much for) I have found that if I totally absorb my  
mind with the computer I can for short periods of time be almost pain  
free. I have been around computers most of my adult life, and while in  
the military was trained as a 26T20 (television equipment repairman) and  
spent most of my tour in the Army repairing mainframe computers. I  
have NO degree in programming or any computer related discipline, but I  
am self taught.  
  
Well this is quite a lengthy email and I am sorry for the size of it. I  
hope to hear from you one way or the other about these.  
  
*******************************  
If at first, you don't succeed;  
by all means, try again,  
but....  
if you don't succeed the second time,  
cover up all tracks and pretend it never happened  
*******************************  
Paul Michael Bryant Sr.  
Gladiators  
1st AVN 57th AHC 1972-73  
My Senior Prom was VietNam  
*******************************  
Fax (603) 388-3801  
Dino-Soft Software Inc  
http://www.zoomnet.net/~quick  
  
------=_NextPart_000_0153_01BF7FF9.87FC33E0--  
  
  
`
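
A defender-side check for the scrap-file issue described in the message above, as an added example that is not part of the original post: it decodes each MIME part before matching, so a `.shs` link split by a quoted-printable soft line break is still caught, and it also checks attachment names. The sample message, the host `files.example.test`, the function name `scrap_findings` and the extra `.shb` extension are assumptions of this example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# .shs is the scrap extension named in the post; .shb (scrap shortcut) is an
# added assumption of this example, handled by the same Windows shell component.
SCRAP_EXTS = (".shs", ".shb")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)

def scrap_findings(raw_message: bytes):
    """Return sorted (kind, value) pairs for scrap-file links and attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = set()
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(SCRAP_EXTS):
            findings.add(("attachment", name))
        if part.get_content_maintype() == "text":
            # get_content() undoes quoted-printable, rejoining URLs that a
            # soft line break ("=" at end of line) split in the raw message.
            text = part.get_content()
            for url in URL_RE.findall(text):
                if urlparse(url).path.lower().endswith(SCRAP_EXTS):
                    findings.add(("link", url))
    return sorted(findings)

# Constructed sample, modelled on the message layout above; host is a placeholder.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b'Content-Type: text/html; charset="iso-8859-1"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b'<A href=3D"http://files.example.test/docs/rea=\r\n'
    b'dme.shs">notes</A>\r\n'
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="notes.SHS"\r\n'
    b'Content-Disposition: attachment; filename="notes.SHS"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for kind, value in scrap_findings(SAMPLE):
        print(kind, value)
```

A plain byte search of the raw sample for `readme.shs` finds nothing, because the soft line break sits in the middle of the file name; matching has to happen after decoding.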
