OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Obscure - (obscurecybergoth.i-p.com)
Date: Fri May 11 2001 - 12:15:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Advisory Title: Incredimail allows automatic over writing of files on your hard disk

    Release Date: 05/08/2001

    Application: Incredimail

    Platform: Windows NT4
    Windows 2000
    Windows 9x/me

    Build: 1400185 .. possibly earlier builds as well

    Severity: Malicious users can easily over write system files.

    Author: Obscure^ [obscurecybergoth.i-p.com]

    Vendor Status: Did not respond to my e-mails. Maybe not interested, or asleep (?) ...

    Web:

    http://irc.m0ss.com/eos/main.pl?main=advisories/incredimail.html&menu=menu/advisories.html (maybe wrapped)
    http://www.incredimail.com

    Background.

    (extracted from
    http://www.incredimail.com/english/what.html)

    IncrediMail is an advanced email program that offers you,
    the user, an unprecedented interactive experience. With
    IncrediMail you can tailor your emails according to your
    mood and personality. Visual effects will entertain your
    every sense. Go ahead. Express yourself like you never
    did before!

    My comments: Incredimail does really look quite cool, with
    animations similar to the e-mail on Mission Impossible,
    plus it's free.

    Problem.

    Users can specify the filename of the skin, notifyer, animation etc
    This is specified in a text file called Content.ini, which is
    found in the compressed skin or animation.
    By appending the traditional dot dot to the filename, malicious users
    can easily over write any files on the same partition as Incredimail
    is intalled to.
    The file is automatically downloaded and copied to the client
    machine when it accesses a site or e-mail which starts a download
    for the Incredimail file. If the file already exists it tries
    to over write it.

    See the exploit example.

    Exploit Example.

    http://irc.m0ss.com/eos/advisories/incredimailexploit
    This webpage will simply create a file on C: (depends on which
    partition you installed Incredimail) named Obscure.dat.

    Disclaimer.

    The information within this document may change without notice. Use of
    this information constitutes acceptance for use in an AS IS
    condition. There are NO warranties with regard to this information.
    In no event shall the author be liable for any consequences whatsoever
    arising out of or in connection with the use or spread of this
    information. Any use of this information lays within the user's
    responsibility.

    Feedback.

    Please send suggestions, updates, and comments to:

    Eye on Security
    mail:obscurecybergoth.i-p.com
    http://irc.m0ss.com/eos 

    -- 
[ Free e-mail  http://www.cybergoth.cjb.net ]

    Powered by Instant Portal