|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files
From: David LeBlanc (dleblanc
MINDSPRING.COM)Date: Wed Mar 15 2000 - 11:12:16 CST
- Next message: The Unicorn: "nmap causes DoS on DGUX"
- Previous message: Guido Bakker: "abuse.man (webmanager kit)"
- In reply to: Georgi Guninski: "IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Next in thread: Georgi Guninski: "Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files"
- Next in thread: Ryan Russell: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Reply: David LeBlanc: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Reply: Georgi Guninski: "Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There's a couple of things that aren't clear here -
>IE and Outlook 5.x allow executing arbitrary programs using .eml files
>Description:
>There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
>others) which allows executing arbitrary programs using .eml files.
Would this happen to apply to other web browsers, e.g., Netscape?
>Details:
>The problem is creating files in the TEMP directory with known name and
>arbitrary content.
How does the file get there? Do all .eml files create temp files? I
assume another work-around would be to have a user-specific temp directory,
such as Windows 2000 uses.
David LeBlanc
dleblancmindspring.com
- Next message: The Unicorn: "nmap causes DoS on DGUX"
- Previous message: Guido Bakker: "abuse.man (webmanager kit)"
- In reply to: Georgi Guninski: "IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Next in thread: Georgi Guninski: "Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files"
- Next in thread: Ryan Russell: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Reply: David LeBlanc: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Reply: Georgi Guninski: "Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]