|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: JC (Kriptopolis) (cuartango
KRIPTOPOLIS.COM)Date: Wed Apr 04 2001 - 08:28:10 CDT
Hi,
Last MS patch Q290108 released with the bulletin MS01-020 opens a new
vulnerability.
A tricked EML file can confuse the user displaying him a fake downlodaded
file name. Executable files can be disguised as other supposedly inocent
files (text, sound or images).
Demo is available in :
http://www.kriptopolis.com/cua/20010404.html
The issue was reported to MS on 22 february and they argue : this is not a
vulnerability as far as It involves a use decision.
Jesus López de Aguileta has also posted the vulnerability to this list.
Juan Carlos G. Cuartango
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]