OSEC

From: ziss (zissPHREAKER.NET)
Date: Thu Apr 05 2001 - 04:12:51 CDT

    On Fri, 30 Mar 2001, Juan Carlos Garcia Cuartango wrote:

    > Hi, Microsoft has released a security bulletin
    > http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
    > entitled "Incorrect MIME Header Can Cause IE to Execute E-mail
    > Attachment". EML files are MIME multipart files that IE 5 will parse.
    > There is a vulnerability allowing arbitrary code execution using this
    > kind of files. This vulnerability could allow a hostile page or e-mail
    > to perform any action on your computer. The vulnerability affects IE
    > 5, IE 5.5 over all Windows platforms. I have prepared some demos about
    > the vulnerability in www.kriptopolis.com (major Spanish security site)
    > : http://www.kriptopolis.com/cua/eml.html Note : If you want to have a
    > look to the hostile EML files you must click the right mouse button
    > over the pictures and select the "Save Target As" menu option.
    > Regards, Juan Carlos G. Cuartango

    Hi,

    Firstly, following the link above, Cuartango has said "If you are using
    Windows Media Player 7 the demo will not work". This is incorrect: testing
    with IE 5.0 on Windows 2000 with Windows Media Player 7 (7.00.00.1956), the
    EML files download and launch automatically, causing the specified code to
    execute.

    Secondly, the file extension .NWS (OE News File) will achieve the same
    result as a .EML file. So if you're filtering for these at your mail/proxy
    server, you might want to block these also. Like the .EML files, these also
    execute upon 'selecting' in Windows Explorer because of the preview
    function.

    ziss.
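
A gateway-side check for the filtering advice in the reply above, added here as an example that is not part of the original post or of any product's own code. The function name `blocked_attachments` and the sample message are constructed for illustration; the check covers only the two extensions the post names.

```python
import email
from email import policy

# Extensions named in the post: .eml, plus .nws, which behaves the same way.
BLOCKED_EXTENSIONS = (".eml", ".nws")

def blocked_attachments(raw_message: bytes) -> list:
    """Return the names of all MIME parts that end in a blocked extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots and spaces,
        # which Windows drops when the file is written to disk.
        if name.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits

# Constructed sample message (not taken from the advisory or the demo site).
SAMPLE = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n\r\nhello\r\n"
    b"--XX\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="news.NWS"\r\n\r\ndata\r\n'
    b"--XX\r\n"
    b'Content-Type: application/octet-stream; name="fwd.eml"\r\n\r\ndata\r\n'
    b"--XX\r\n"
    b"Content-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="photo.jpg"\r\n\r\ndata\r\n'
    b"--XX--\r\n"
)

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

A non-empty result means the message carries a part the gateway should strip or quarantine; the `Content-Type` name fallback matters because a part can be named there without any `Content-Disposition` header.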