× Few antiviral products inadequately detect 3proxy as Trojan.Daemonize, Backdoor.Daemonize, etc and many detect 3proxy as a PUA (potentially unwanted program). It may cause browser warning on download page. 3proxy is not trojan or backdoor and contains no functionality except described in documentation. Clear explanation of this fact is given, for example, in Microsoft's article.


Issue                   :  Outlook  Express  address  book allows
                           messages to be intercepted by 3rd party
Date Released           :  16 March 2001
Vendor Notified         :  16 March 2001
Affected                :  Outlook Exress 5.5SP1 and prior
Risk                    :  Low/Average
Discovered              :  18 December 2000 by 3APA3A
Remotely Exploitable    :  Yes
Vendor URL              :  http://www.microsoft.com
SECURITY.NNOV advisories:  http://www.security.nnov.ru/advisories

Description:

It's possible for remote user to cause messages written for one e-mail
address to be delivered to another e-mail address.

Details:

Outlook  Express has option "Automatically put people I reply to in my
address  book".  Then  enabled,  this  option  causes  Outlook to make
automatically  new  address  book  entries  mapping  NAME  of received
message  to  e-mail  ADDRESS. Then message is composed Outlook Express
checks address book for NAME and sets complete e-mail ADDRESS instead.

Exploitation:

Situation:  2  good  users  G1  and  G2 with addresses [email protected] and
[email protected]  and  one  bad  user B, [email protected] Imagine B wants to get
messages G1 sends to G2. Scenario:

1. B composes message with headers:

From: "[email protected]" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
To: G1 <[email protected]>
Subject: how to catch you on Friday?

and sends it to [email protected]

2.  G1  receives  mail, which looks absolutely like mail received from
[email protected]  and replies it. Reply will be received by B. In this case
new  entry  is  created in address book pointing NAME "[email protected]" to
ADDRESS [email protected]

3.  Now,  if  while  composing  new  message  G1 directly types e-mail
address  [email protected]  instead  of  G2, Outlook will compose address as
"[email protected]" <[email protected]> and message will be received by B.

Workaround:

Disable  "Automatically  put  people  I  reply to in my address  book"
option.


Vendor:

Microsoft was contacted, accepted problem and replied it's impossible
to fix it until next IE 5.5 SP.

Solution:

No yet.