mailing list archives
Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Wed, 15 Mar 2000 09:12:16 -0800
There's a couple of things that aren't clear here -
IE and Outlook 5.x allow executing arbitrary programs using .eml files
There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
others) which allows executing arbitrary programs using .eml files.
Would this happen to apply to other web browsers, e.g., Netscape?
The problem is creating files in the TEMP directory with known name and
How does the file get there? Do all .eml files create temp files? I
assume another work-around would be to have a user-specific temp directory,
such as Windows 2000 uses.
dleblanc () mindspring com