Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Wed, 15 Mar 2000 09:12:16 -0800


There's a couple of things that aren't clear here -

IE and Outlook 5.x allow executing arbitrary programs using .eml files

Description:
There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
others) which allows executing arbitrary programs using .eml files.

Would this happen to apply to other web browsers, e.g., Netscape?

Details:
The problem is creating files in the TEMP directory with known name and
arbitrary content.

How does the file get there?  Do all .eml files create temp files?  I
assume another work-around would be to have a user-specific temp directory,
such as Windows 2000 uses.

David LeBlanc
dleblanc () mindspring com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]