[Mimedefang] Danger of .vcs files?

Kevin A. McGrail kmcgrail at pccc.com
Thu Sep 30 13:39:41 EDT 2004


Fairly certain .vcs is a vCalendar format for doing calendar and event
exports.  It is used by Outlook and Palm as well as Apple's iCal.

More info in RFCs 2425, 2526, 2445, 2446 & 2447 -- http://www.imc.org/pdi/

A quick web search and guess what?  Microsoft has issued related security
patches, see below.

Regards,
KAM


Microsoft issues patch for new Outlook security hole

News Story by Jennifer DiSabatino

FEBRUARY 23, 2001 (COMPUTERWORLD) - Microsoft Corp. has identified another
security hole in its Outlook e-mail software and said a fix is available for
the glitch.

The software maker yesterday released a patch for its Outlook and Outlook
Express clients, following the identification of a hole in the software that
could allow hackers to use a vCard to disable Outlook, or run code through
Outlook.

The vCard attachment is a common way to share address book information.

This exploit, like many viruses, will work only if the user opens an
infected attachment in an e-mail document. It was reported to Microsoft by
Ollie Whitehouse, a British programmer.

The patch is available from Microsoft. As always, the company urged users to
follow sound security measures, which include not opening unexpected
attachments, especially from strangers.

However, as evidenced by the spread of the Kournikova virus last week, users
are still all too willing to open suspect attachments (see story).

According to the Microsoft security advisory, "Outlook Express provides
several components that are used both by it and, if installed on the
machine, Outlook. One such component, used to process vCards, contains an
unchecked buffer."

A buffer temporarily stores data in devices or software. Programmers can
design buffers to check the size of data entered into them and reject
entries that are too long. When they are "unchecked," it means there is no
such safeguard, and users can enter any amount of data. In the case of
Outlook, the unchecked buffer would allow a malicious user to create a vCard
that contains what Microsoft called "specially malformed data." When a
recipient opens such a vCard, the data would overflow the available buffer
size and crash the e-mail software.

"In a more serious case, a malicious user could exploit the unchecked buffer
to run unauthorized code on the other user's computer," Microsoft warned.

Sara Radicati, president and CEO of The Radicati Group in Palo Alto, Calif.,
said she hadn't heard that this hole was a problem yet.

"This is such a low-level issue . . . it just might not have bubbled up
yet," she said.

> >>If anyone can tell me what the danger of these files is,
> >>I'd appreciate it, then I can decide whether to risk
> >>letting them in.

> > .vcs does not appear on webopedia's list of known extensions:
> > http://www.webopedia.com/quick_ref/fileextensionsv.asp
> >
> > so it can't be a commonly associated extension.



More information about the MIMEDefang mailing list