VCard Virus

Type: Data File
SubType: Exploit
Discovery Date: 02/23/2001
Length: Variable
Minimum DAT: Not Applic (01/01/2000)
Updated DAT: Not Applic (01/01/2000)
Minimum Engine: 5.1.00
Description Added: 02/23/2001
Description Modified: 02/23/2001 3:20 PM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This is not a virus. It is a published exploit, first mentioned in a BugTraq forum posting. Microsoft describes the buffer overflow as follows:

"This is a "Malformed vCard" security vulnerability in Outlook and Outlook Express. This vulnerability exists because the component in Outlook and Outlook Express that processes the vCard (virtual business card) has an unchecked buffer (a temporary data storage area without a string length limit). A malicious user can exploit this vulnerability by creating a vCard that contains specially malformed data, and sending it to another user. When the recipient opens the vCard, the data overruns the buffer. This causes the e-mail program to stop functioning until it is restarted. In a more serious case, a malicious user could exploit the unchecked buffer to run unauthorized on the other user's computer."

More information about a fix and this exploit is available at this link:

Microsoft Technet MS01-012

Symptoms

After opening a .VCF attachment to an email message, the email application stops responding, aborts execution, or hangs. Note that this is only a symptom.

Method of Infection

.VCF files are registered with the operating system and can be opened directly by double-clicking them, either as an attachment or after being saved to the local file system. Because of the unchecked buffer in the handling of these files, it is possible to craft a .VCF file that terminates the email application or runs arbitrary code referenced by the crafted .VCF file.

Refer to the Microsoft Technet article for more information about how this exploit works.
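
The Microsoft description above attributes the flaw to a buffer filled without a length limit. The following C code is an added example, not code from Microsoft or from this description, showing a vCard line parser that checks the value length before copying. The function names, the 64-byte FIELD_MAX and the sample card are constructed for illustration; the affected field and the real buffer size are not given on this page.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* constructed limit for this example, not from the advisory */

enum vc_status { VC_OK = 0, VC_NO_VALUE = -1, VC_TOO_LONG = -2 };

/* Copy the value of one "NAME:value" content line into out (outsz bytes).
 * The length is checked before any byte is written. */
static enum vc_status vc_copy_value(const char *line, char *out, size_t outsz)
{
    size_t eol = strcspn(line, "\r\n");            /* stay inside this line */
    const char *colon = memchr(line, ':', eol);
    if (colon == NULL || outsz == 0)
        return VC_NO_VALUE;
    size_t len = eol - (size_t)(colon + 1 - line);
    if (len >= outsz)                               /* keep room for the NUL */
        return VC_TOO_LONG;
    memcpy(out, colon + 1, len);
    out[len] = '\0';
    return VC_OK;
}

/* Count the lines of a card whose value does not fit the field buffer;
 * a caller would refuse to process the card when this is non-zero. */
static int vc_count_oversized(const char *card)
{
    char field[FIELD_MAX];
    int rejected = 0;
    while (*card != '\0') {
        if (vc_copy_value(card, field, sizeof field) == VC_TOO_LONG)
            rejected++;
        card += strcspn(card, "\n");                /* move to end of line */
        if (*card == '\n')
            card++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample card: one ordinary field, one 100-byte value. */
    char card[256] = "BEGIN:VCARD\r\nFN:Alice Example\r\nNOTE:";
    size_t n = strlen(card);
    memset(card + n, 'A', 100);
    strcpy(card + n + 100, "\r\nEND:VCARD\r\n");
    printf("oversized lines: %d\n", vc_count_oversized(card));
    return 0;
}
```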

Removal

Download and apply the patch available from Microsoft Technet.

Do not open .VCF files from unknown or unsolicited email addresses.

Variants

    N/A

Aliases

  • Malformed vCard Exploit
  • VCF Virus
