-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can confirm that on a W2K SP1 with IE 5.5 SP1 + Q290108.

The interesting thing is that the Open/Save As dialog box says just
"readme.txt from", without displaying the host name. This can serve
as a warning to paranoid users.

This is clearly a dialog box trick, as the "Always ask before opening
this type of file" checkbox is both checked and disabled, which is
the behavoir for executables, and not for .TXT files.

Nevertheless, this is a problem and it needs to be fixed.

Philip

- ----- Original Message -----
From: "JC (Kriptopolis)" <cuartangoKRIPTOPOLIS.COM>
To: <BUGTRAQSECURITYFOCUS.COM>
Sent: Wednesday, April 04, 2001 4:28 PM
Subject: MS patch Q292108 opens a vulnerability

> Hi,
> Last MS patch Q290108 released with the bulletin MS01-020 opens a
> new vulnerability.
> A tricked EML file can confuse the user displaying him a fake
> downlodaded file name. Executable files can be disguised as other
> supposedly inocent files (text, sound or images).
> Demo is available in :
> http://www.kriptopolis.com/cua/20010404.html
> The issue was reported to MS on 22 february and they argue : this
> is not a vulnerability as far as It involves a use decision.
> Jesus Lopez de Aguileta has also posted the vulnerability to this
> list. Juan Carlos G. Cuartango

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOstkuli4DH/L1CReEQIRLwCgwCuQPXPUCAKc6iR6f9ogoc6lGjwAn2Js
o79pjcllbeQCnDYQ2qBgk1xH
=hnwE
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]