OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NTBugtraq And NTSecurity Archives: Re: Final word: Eudora and m

Re: Final word: Eudora and malicious HTML

Vesselin Bontchev (bontchevCOMPLEX.IS)
Mon, 29 Nov 1999 18:53:39 +0000

Jonathan M. Gilligan writes:

> First, Eudora appears to effectively strip out all executable script
> if the "Allow Executable HTML Content" option is unchecked. Thus, it
> should NOT be possible for malicious HTML code to execute under Eudora
> WHETHER OR NOT you are using Microsoft's viewer. This means that if
> you have "Allow Executable HTML Content" turned off, I can't see any
> way for an email virus to affect your computer through Eudora.

No. This only means that an e-mail virus CONTAINED IN THE MESSAGE can't
affect your computer through Eudora. It does not necessarily mean that a
virus can't affect you through Eudora-read HTML e-mail message (although
that might well be the case). For instance, I remember that in the past
it was possible to use IFRAME and the fact that IE will launch some
applications like PowerPoint or Excel to view a remote PPT or XLS
document without asking for confirmation, to make a macro virus
(residing on a remote site) infect the user's machine when the user
views the specially prepared HTML message.

If I remember correctly, this hole was fixed - but there might be others
like it.

Regards,
Vesselin 

--
Vesselin Vladimirov Bontchev, not speaking for FRISK Software International,
Postholf 7180, IS-127, Reykjavik, Iceland               producers of F-PROT.
e-mail: bontchevcomplex.is, tel.: +354-561-7273, fax: +354-561-7274
PGP 2.6.2i key fingerprint: E5 FB 30 0C D4 AA AB 44  E5 F7 C3 18 EA 2B AE 4E

This archive was generated by hypermail 2.0b3 on Mon Nov 29 1999 - 13:28:17 CST