OE DBX Exposure

Secure Target Network (Security Advisory October 27, 2002)

Topic: OE DBX Exposure
Discovery date: October 02, 2002
Discovered by: Kaveh Mofidi
External: Security Tracker, Bugtraq, Secunia
Affected applications and platforms:
All versions of Outlook Express on any Windows platform

Introduction
You already worked with .dbx files, storing and managing your messages under OE. A default folder takes care of them:
%windrive%\Documents and Settings\User Profile\Local Settings\Application Data\Identities\{Class ID}\Microsoft\Outlook Express
All of your messages will give named by their folders and all folders are defined at Folders.dbx file.
When you delete your messages, they move on Deleted Items.dbx (Deleted Items folder), so when you exit from OE, they must gone but this isn’t happening.
Even when you choose “Empty messages from the ‘Deleted Items’ folder on exit” they remain in both yourfolder.dbx and Deleted Items.dbx files.

Exploit
As you can probably see, this may effect in a wide range of exposure attacks; no escalation of privileges or any other system compromise directly happen. So, anybody with physical access to your computer would be the reader of your email messages and any private information there.

Workaround
Manipulating messages and folders containing them may change the way OE refresh its operations but also may lead to leaving more and more DBX files exposed. The only solution to this issue is to deleting the whole target folder.

Tested on
Outlook Express 6.0.2600.0000 on Windows XP
Outlook Express 6.0.2600.0000 and 6.0.2800.1106 on Windows 2000 SP3

Feedback
Kaveh Mofidi ( Admin (at) SecureTarget [dot] net )
SECURE TARGET, Cyber Security Research

By Kaveh Mofidi

He finds simple solutions for huge and complicated issues! He believes information security and computers are fun to deal with, but the real deal is to find solution for unlimited clean energy, drinkable water, mitigate root cause of hunger, war, and injustice...We need to keep our planet livable, that is our real problem on the Earth!

Leave a comment