|
PureBytes Links
Trading Reference Links
|
<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type><TITLE>Outlook Express Buffer Overrun Security Information Page</TITLE><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"><BASE
href=file://C:\Windows\Desktop\ie40-security\>
<META
content="Internet Explorer; Internet Explorer3; Internet Explorer3.0; Internet Explorer 3.0 Outlook; Outlook Express; Outlook buffer; Outlook Express buffer; Outlook buffer overrun; Outlook Express buffer overrun; net security; press; web; security; protocol; java; applets; java applets; holes; breach; breaches; privacy; protocols; warning; warnings; authenticode 2; authenticode 2.0; access; protection; protect; secure; Java; encryption; credit card; university of Maryland; fix; patch; update; corporations; corporation; administrator; buffer; buffer overrun; MK; MK OVerrun loft; LOpht; standard; standards; browsing; browser; Internet; surf; surfing; author; platform; IE; Microsoft; Microsoft browser; MSIE"
name=KEYWORDS>
<META
content="How to protect your computer from the Outlook Express Buffer Overrun issue."
name=DESCRIPTION>
<META
content="Internet Explorer; IE; browser; 3.02; Internet Explorer 3.02; Internet Explorer 3.0; Microsoft Internet Explorer; Microsoft"
name=PRODUCT>
<META content=EN-US name=MS.LOCALE>
<META content=News name=CATEGORY>
<META
content='(PICS-1.1 "http://www.rsac.org/ratingsv01.html"; l gen false comment "RSACi North America Server" for "http://www.microsoft.com/ie/"; on "1996.05.20T22:48-0500" r (n 0 s 0 v 0 l 0))'
http-equiv=PICS-Label>
<SCRIPT language=JavaScript><!--
// tests to see if the page was loaded without a parent document (not as part of frames)
// and pulls page into the frameset
function frameTest(){
if(top==self) {
var parent = "/ie/security/"
var currURL = unescape(window.location.pathname);
var newURL = parent + "?" + currURL;
var appVer = navigator.appVersion;
var NS = (navigator.appName == 'Netscape') && ((appVer.indexOf('3') != -1) || (appVer.indexOf('4') != -1));
var MSIE = (appVer.indexOf('MSIE 4') != -1);
if (NS || MSIE)
location.replace(newURL);
else
location.href = newURL;
}
}
//-->
</SCRIPT>
<SCRIPT language=JavaScript><!--
var ua = navigator.userAgent;
var win = ua.indexOf('Win') != -1;
var mac = ua.indexOf("Mac") != -1;
var isNN = navigator.appName == "Netscape";
var leftnav = ''
if (mac)
leftnav = 'macleft';
else if (!mac && !win) {
if ((ua.indexOf('MSIE') != -1) && parseInt(navigator.appVersion) >= 4)
leftnav = 'unixIEleft';
else if (isNN)
leftnav = 'unixNNleft';}
else if (ua.indexOf("MSIE 3") != -1)
leftnav = 'ie3left';
else if (isNN)
leftnav = 'nav4left';
else
leftnav = 'ie4left';
if (leftnav.length > 1)
document.write('<LINK REL="stylesheet" TYPE="text/css" HREF="/ie/global/' + leftnav + '.css">');//--></SCRIPT>
<STYLE>
<!--
.btop {text-decoration: none; color: black;}
.btop:hover {text-decoration:underline; color:red;}
-->
</STYLE>
<META content='"MSHTML 4.72.2106.11"' name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff leftMargin=0 link=#000066 onload=frameTest() text=#000000
topMargin=0 vLink=#666666>
<DIV>As is mentioned in todays local newspaper(De Telegraaf - 980804 -
"E-mail At Risk")</DIV>
<DIV>find futher below Microsofts' website solution for the alledged big
destructive security-problem. </DIV>
<DIV> </DIV>
<DIV>--------------------quote newspaper:</DIV>
<DIV>"Attachements can cause crashes, even without opening, and on deleting
are capable</DIV>
<DIV>to run hackers' destructive instructions etc.".</DIV>
<DIV>Experts and Researchers of the Oulu University, Finland, have a found a
huge leak in</DIV>
<DIV>security safety of popular e-mail programs.</DIV>
<DIV>Experts have said it to be the biggest e-mail problem ever. Both Outlook
Express and</DIV>
<DIV>Netscape have proven not to be safety-proof.</DIV>
<DIV>Tests have resulted in the discovery "that in the program, on deleting
of messages(emails),</DIV>
<DIV>hackers' are caple to have their destructive instructions to be
executed".</DIV>
<DIV>The security-leak is part of the fact that when something goes wrong within
an email program,</DIV>
<DIV>eg crash, this cannot be recoverd at "one central-point". For
this, Microsoft has made</DIV>
<DIV>available an additional patch solving the problem. Netscape is working on a
patch too.</DIV>
<DIV>Netscape advises never to 'read' attachements from unknown senders.
Instead,</DIV>
<DIV>a return-message should be send to the mails' sender and asked him/her to
put the</DIV>
<DIV>attachements' message in the
main-message. </DIV>
<DIV>---------------------unquote newspaper.</DIV>
<DIV> </DIV>
<DIV>In my (and from others) business opinion Netscape's advice is that of a
dying out dynasty, trying</DIV>
<DIV>to rule what's left to be ruled, blowing out final last air. With an
unpractical and somehow useless</DIV>
<DIV>advice(for some it can help) and also considering Outlooks' luxuries in
program handling, its no</DIV>
<DIV>wonder that company couldn't keep up the browsers-race.</DIV>
<DIV>Software Co's should "go out and create and develope" and provide
the means.</DIV>
<DIV>In todays modern technology of internet-mail, email replaces faxmachines,
telexes and</DIV>
<DIV>the 'everyday' postman by millions to one.</DIV>
<DIV>Use and exceptance of attachements has become a common business standard
for fast</DIV>
<DIV>communicating and has proven to be irreplacable, like our common 'everyday'
mailbox.</DIV>
<DIV>Attachements are Enrichments of plain boring mails too, and also are a very
accurate</DIV>
<DIV>prooven way to be treasureable in transport of 'goods' and messaging,
ordering etc..</DIV>
<DIV>A program like QuickViewPlus "QVP-v4.x" (from Inso at <A
href="http://www.inso.com";>http://www.inso.com</A> ) enables</DIV>
<DIV>viewing WITHOUT editing(=activating) of the attachements.</DIV>
<DIV>The problem mentioned above though(deleting), cannot be fixed by not
opening of a mail,</DIV>
<DIV>but needs a programs' system-design internals 'correction'.</DIV>
<DIV>Microsoft, as being technically rightious advancers, have already arranged
for the above</DIV>
<DIV>problems' solutioning with a security-patch.</DIV>
<DIV><A
href="http://www.microsoft.com/ie/security/main.htm";>http://www.microsoft.com/ie/security/main.htm</A></DIV>
<DIV>(for patchs' address replace "main.htm" with
"oelong.htm")</DIV>
<DIV> </DIV>
<DIV>Note to all Foreign Users of Outlook Express:</DIV>
<DIV>However this is a "for English-program's versions only"
applicable patch.</DIV>
<DIV>All other foreign language progams' systems will have to wait until it
becomes available.</DIV>
<DIV>My version is (OE401- 4.72.2106.4 -Dutch NL) so I too will have
to wait untill this badly</DIV>
<DIV>needed fix-patch is available.</DIV>
<DIV>In the mean time short filenames(8 characters/positions in the name) for
attachements</DIV>
<DIV>are a (but very minor) solution, but as no-one is restricted anymore in the
use of the former</DIV>
<DIV>old dos' restrictions of characters in names, alerts will have to be at
adressees' site.</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV>Ton Maas</DIV>
<DIV>Ms-IRB@xxxxxxxxx</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV><!--TOOLBAR_START--><!--TOOLBAR_EXEMPT--><!--TOOLBAR_END--><A
name=top></A>
<TABLE border=0 cellPadding=0 cellSpacing=0 width=98%>
<TBODY>
<TR><!-- LEFT NAVIGATION AREA START -->
<TD rowSpan=2 vAlign=top width=103>
<TABLE border=0 cellPadding=0 cellSpacing=0 width=103>
<TBODY>
<TR vAlign=top>
<TD colSpan=2><IMG alt="General Product Information"
height=11 src="/ie/images/side/sb_contents.gif"
width=103><BR><IMG height=3
src="/ie/images/trans_space.GIF" width=103><BR></TD></TR>
<TR vAlign=top>
<TD width=13><IMG border=0 height=10
src="/ie/images/side/square1.gif" width=13></TD>
<TD class=tall width=90><FONT size=2><A class=navLnkB
href="/ie/security/main.htm"><B>Security
Home</B></A></FONT></TD></TR>
<TR vAlign=top>
<TD width=13><IMG border=0 height=10
src="/ie/images/side/square1.gif" width=13></TD>
<TD class=tall><FONT size=2><A class=navLnkB
href="/ie/ie40/features/ie-security.htm"
target=_top><B>4.0 Security Features</B></A></FONT></TD></TR>
<TR vAlign=top>
<TD><IMG border=0 height=10
src="/ie/images/side/square1.gif" width=13></TD>
<TD class=tall><FONT size=2><B><A class=navLnkB
href="/ie/security/ie4security.htm">Security White
Paper</A></B></FONT></TD></TR>
<TR vAlign=top>
<TD colSpan=2><IMG height=5 src="/ie/images/blk.gif"
vspace=5 width=103><BR></TD></TR>
<TR vAlign=top>
<TD><IMG height=10 src="/ie/images/side/square1.gif"
width=13></TD>
<TD class=tall><FONT size=2><B><A class=navLnkB
href="/ie/press/" target=_top>Press</A></B></FONT></TD></TR>
<TR vAlign=top>
<TD><IMG height=10 src="/ie/images/side/square1.gif"
width=13></TD>
<TD class=tall><FONT size=2><B><A class=navLnkB
href="/ie/partners/"
target=_top>Partners</A></B></FONT></TD></TR>
<TR vAlign=top>
<TD><IMG height=10 src="/ie/images/side/square1.gif"
width=13></TD>
<TD class=tall><FONT size=2><B><A class=navLnkB
href="/ie/homeuser/" target=_top>Home
Users</A></B></FONT></TD></TR>
<TR vAlign=top>
<TD><IMG height=10 src="/ie/images/side/square1.gif"
width=13></TD>
<TD class=tall><FONT size=2><B><A class=navLnkB
href="/ie/corp/"
target=_top>Business</A></B></FONT></TD></TR></TBODY></TABLE></TD><!-- LEFT NAVIGATION AREA END --><!-- ALIGNMENT SPACER -->
<TD width=19><IMG alt="" height=1 src="/ie/images/trans_space.gif"
width=19></TD><!-- MAIN CONTENT START -->
<TD vAlign=top width=100%><FONT face="Verdana, Arial, Helvetica"
size=3><B>Fix available for Outlook Express File Attachment
issue</B></FONT><BR><FONT face="Verdana, Arial, Helvetica"
size=2><B><I>This page last updated on July 31, 1998</I></B></FONT>
<P><FONT face="Verdana, Arial, Helvetica" size=2>On July 27th
Microsoft posted a patch to Microsoft Outlook Express that provides
a fix against a potential problem involving file attachments that
have long names. After careful analysis, a similar issue was found
that is not fixed by the current patch. We will issue an update to
this patch shortly.
<P>You can download the patch offered below for a solution to the
initial issue, but you may want to return to this page for more
information as it becomes available. When a new version of the patch
is available, we will also notify customers through the Microsoft
Security Alert Notification Service and a Microsoft Security Advisor
<A
href="http://www.microsoft.com/security/bulletins/ms98-008.htm";>bulletin</A>.
<P>You can read more about the problem below, but first let's give
you the fix. If you don't see our recommendation for your computer
in a yellow box below this paragraph, see <A href="#who">Whose
computer is at risk?</A> below.
<P align=center>(message:)<BR>You seem to be running Internet
Explorer 4.01 on Windows 98, Windows <BR>95, or Windows NT
4.0.<BR>
<BR>If so, and you are also running Outlook Express, your computer
is <BR>susceptible to the Outlook Express File Attachment issue and
we <BR>recommend that you download the patch for Internet Explorer
4.01 <BR>now. This patch is for the English language
only.<BR>
<BR>International users: Patches will be available in several
languages. <BR>Check back soon for your language.
<P><BR><B><FONT size=3>About the potential
problem</FONT></B><BR>This issue can cause Outlook Express to crash
when a user receives and opens an e-mail message with an attachment
that has an extremely long filename. The long filename could be
followed by arbitrary code which could then execute after the crash
has occurred. It is difficult but possible for an individual to
cause malicious code to be executed on your computer as a result of
this problem. </P>
<P>There have been no reports of any customer being affected by this
issue.
<P><A name=who></A><B><FONT size=3>Whose computer is at
risk?</FONT></B><BR>If a yellow box appears near the top of this
page, it will tell you if your computer could be affected by the
Outlook Express File Attachment issue, and you don't need to read
any further.
<P>If you don't see the yellow box or are concerned about computers
with other operating system/software combinations, see the list
below.
<P><!-- Start Breakout -->
<TABLE>
<TBODY>
<TR>
<TD><IMG src="/ie/images/trans_space.GIF" width=20></TD>
<TD>
<HR color=#333399 SIZE=2>
<FONT size=2><B>This issue affects</B> people who use a
version of Outlook Express that shipped with Microsoft
Internet Explorer 4.0 or 4.01 on Windows 98, Windows 95,
Windows NT 4.0, Windows NT for DEC Alpha, Macintosh, or
UNIX.
<P><I>Windows 3.1 and Windows NT 3.51 versions of
Internet Explorer are <B>not</B> affected by this
issue.</I> </FONT><BR>
<HR color=#333399 SIZE=2>
</TD>
<TD><IMG src="/ie/images/trans_space.GIF"
width=30></TD></TR></TBODY></TABLE><!-- End Breakout -->
<P>Here is a list of operating systems and the fixes for Outlook
Express that shipped with the various versions of Internet Explorer
4.0. (The patches listed for Windows operating systems -- including
Windows NT for DEC Alpha -- are for the <I>English language
only;</I> other languages will be available soon):
<UL>
<LI><B>Windows 98, Windows 95, and Windows NT 4.0</B>
<UL>
<LI><B><I>Internet Explorer with Outlook Express 4.01
Service Pack 1</I></B>: <FONT color=red><B>At
risk.</B></FONT> <A
href="/msdownload/iebuild/oebuff/en/27646.htm"
target=_top>Download the 4.01 SP1 patch now</A>.
<LI><B><I>Internet Explorer with Outlook Express
4.01</I></B>: <FONT color=red><B>At risk.</B></FONT> <A
href="/msdownload/iebuild/oebuff/en/27645.htm"
target=_top>Download the 4.01 patch now</A>.
<LI><B><I>Internet Explorer with Outlook Express
4.0</I></B>: <FONT color=red><B>At risk.</B></FONT> Patches
are available only for Internet Explorer 4.01. We recommend
that you <A href="/ie/download/" target=_top>download the
latest version of Internet Explorer 4.0</A> (which is
version 4.01 and includes Service Pack 1) and return to this
page to download the patch for that browser. </LI></UL><BR>
<LI><B>Windows 3.1, Windows 3.11, and Windows NT 3.51</B>
<UL>
<LI>Internet Explorer with Outlook Express 4.0 or 4.01:
<FONT color=green><B>Not at risk.</B></FONT> </LI></UL><BR>
<LI><B>Windows NT for DEC Alpha</B>
<UL>
<LI><B><I>Internet Explorer with Outlook Express 4.01
Service Pack 1</I></B>: <FONT color=red><B>At
risk.</B></FONT> <A
href="/msdownload/iebuild/oebuff/en/27644.htm"
target=_top>Download the patch now</A>.
<LI><B><I>Internet Explorer with Outlook Express
4.01</I></B>: <FONT color=red><B>At risk.</B></FONT> <A
href="/msdownload/iebuild/oebuff/en/27643.htm"
target=_top>Download the patch now</A>. </LI></UL><BR>
<LI><B>Macintosh</B>
<UL>
<LI><B><I>Outlook Express 4.01 (297)</I></B>: <FONT
color=green><B>Not at risk.</B></FONT>
<LI><B><I>Outlook Express 4.01 (less than 297)</I></B>:
<FONT color=red><B>At risk.</B></FONT> <A
href="/msdownload/iebuild/oebuff_mac/en/oebuff_mac.htm"
target=_top>Download the patch now</A>.
<LI><B><I>Outlook Express 4.0 </I></B>: <FONT
color=red><B>At risk.</B></FONT> Patches are available only
for Outlook Express 4.01. We recommend that you <A
href="/msdownload/iebuild/ie401_mac/en/ie401_mac.htm"
target=_top>download Outlook Express 4.01</A> and return to
this page to download the patch for Outlook Express 4.01.
</LI></UL><BR>
<LI><B>UNIX (Solaris)</B>
<UL>
<LI><B><I>Outlook Express 4.0</I></B>: <FONT color=red><B>At
risk.</B></FONT> A fix will be available soon. Check this
page in a few days. </LI></UL><BR></LI></UL>
<P><B><FONT size=3>Which version do you have?</FONT></B><BR>If you
are running any of the affected <B>Windows</B> operating systems --
including Windows NT for DEC Alpha -- you can determine which fix
you need by finding out which version of Outlook Express you have.
To learn your version number, go to the Help menu in Outlook
Express, click About Microsoft Outlook Express, and look at the
number below the words "Outlook Express" in the dialog
box:
<UL>
<LI>If the number is <B>4.72.31xx.x</B>, you need a fix for
Internet Explorer 4.01 Service Pack 1.
<LI>If the number is <B>4.72.21xx.x</B>, you need a fix for
Internet Explorer 4.01.
<LI>If the number is <B>4.71.17xx.x</B>, your version shipped
with Internet Explorer 4.0, and you should <A
href="/ie/download/" target=_top>download the latest version of
Internet Explorer 4.0</A> (which is version 4.01 and includes
Service Pack 1). Then return to this page to download the patch
for that browser. </LI></UL>
<P>If you are running a <B>Macintosh</B> operating system, you can
determine which fix you need by finding out which version of Outlook
Express you are running. To learn your version number, go to the
Apple menu in Outlook Express, click About Outlook Express, and look
at the version number text.
<UL>
<LI>If the text is Version <B>4.01 (297)</B>, you do not need
the patch.
<LI>If the text is Version <B>4.01 (xxx) and xxx is less than
297</B>, you need the <A
href="/msdownload/iebuild/oebuff_mac/en/oebuff_mac.htm"
target=_top>patch for Outlook Express 4.01</A>.
<LI>If the text is Version <B>4.0</B>, you should <A
href="/msdownload/iebuild/ie401_mac/en/ie401_mac.htm"
target=_top>download Outlook Express 4.01</A> and return to this
page to download the patch. </LI></UL>
<P>If you are running a UNIX (Solaris) operating system, you don't
have to know your Outlook Express version since a single fix will be
available.
<P></FONT></P></TD><!-- MAIN CONTENT END --></TR>
<TR><!-- COPYRIGHT AND DATE INFO. START -->
<TD> </TD>
<TD colSpan=2><BR><FONT face="Verdana, Arial, Helvetica" size=1><A
class=btop href="#top"><IMG alt="Back to the top" border=0 height=7
src="/ie/images/to_top.gif" width=16>Back to the top</A><BR>
<HR align=left color=black noShade SIZE=1 width=98%>
© <A href="/misc/cpyright.htm" target=_top>1998 Microsoft
Corporation. All rights reserved. Terms of Use</A>.<BR>Last Updated:
Friday, July 31, 1998<BR>Photos: PhotoDisc; Jon Feingersh/Picture
Network International
</FONT></TD><!-- COPYRIGHT AND DATE INFO. END --></TR></TBODY></TABLE></BODY></HTML>
</x-html>From ???@??? Tue Aug 04 09:00:23 1998
Received: from freeze.metastock.com (204.246.137.5)
by mail05.rapidsite.net (RS ver 0.3) with SMTP id 23705
for <neal@xxxxxxxxxxxxx>; Tue, 4 Aug 1998 11:40:52 -0400 (EDT)
Received: (from majordom@xxxxxxxxx)
by freeze.metastock.com (8.8.5/8.8.5) id HAA21099
for metastock-outgoing; Tue, 4 Aug 1998 07:56:08 -0600 (MDT)
X-Authentication-Warning: freeze.metastock.com: majordom set sender to owner-metastock@xxxxxxxxxxxxx using -f
Received: from server1.softdisk.com (server1.softdisk.com [206.28.109.1])
by freeze.metastock.com (8.8.5/8.8.5) with ESMTP id HAA21088
for <metastock@xxxxxxxxxxxxx>; Tue, 4 Aug 1998 07:56:04 -0600 (MDT)
Received: from LOCALNAME (tty055.softdisk.com [206.28.109.154])
by server1.softdisk.com (8.8.8/8.8.8) with SMTP id IAA27581
for <metastock@xxxxxxxxxxxxx>; Tue, 4 Aug 1998 08:48:25 -0500 (CDT)
Message-ID: <35C72D9F.7A00@xxxxxxxxxxxx>
Date: Tue, 04 Aug 1998 08:50:47 -0700
From: Al Taglavore <altag@xxxxxxxxxxxx>
Organization: Car Parts Warehouse, Inc.
X-Mailer: Mozilla 3.0 (Win16; U)
MIME-Version: 1.0
To: metastock@xxxxxxxxxxxxx
Subject: Re:
References: <199808041204.IAA08105@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-metastock@xxxxxxxxxxxxx
Precedence: bulk
Reply-To: metastock@xxxxxxxxxxxxx
X-Loop-Detect: 1
MetaStock formula in indicator list is Averag True Range. You set the
parameter i.e., 10.
Al Taglavore
Paul Delia wrote:
>
> Hi All,
>
> Can someone give me a formula to find out the average range of a stock over
> the past 10 days.
>
> TIA,
>
> Paul
|