|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files
From: Ryan Russell (ryan
SECURITYFOCUS.COM)Date: Wed Mar 15 2000 - 11:24:52 CST
- Next message: Katie Moussouris: "[TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1"
- Previous message: Sebastian: "TESO & C-Skills development advisory -- imwheel"
- In reply to: Georgi Guninski: "IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Next in thread: Sylwester Zarębski: "Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles"
- Reply: Ryan Russell: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 14 Mar 2000, Georgi Guninski wrote:
> Georgi Guninski security advisory #9, 2000
>
> IE and Outlook 5.x allow executing arbitrary programs using .eml files
>
Works fine on NT4 Server, SP5, IE 5.00.2919.6307, but it prompts whether I
want to save it or run it. If I run it, wordpad is launched. This is
from the web page demo.
Ryan
- Next message: Katie Moussouris: "[TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1"
- Previous message: Sebastian: "TESO & C-Skills development advisory -- imwheel"
- In reply to: Georgi Guninski: "IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Next in thread: Sylwester Zarębski: "Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles"
- Reply: Ryan Russell: "Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]