Home page logo

bugtraq logo Bugtraq mailing list archives

Re: HTML.dropper
From: Shane Hird <s.hird () STUDENT QUT EDU AU>
Date: Fri, 19 Jan 2001 09:19:45 -0000


With some testing, I've found that the 'subject-
overflow' problem is irrelevant to the 'filename 
overflow' problem, although as mentioned, this may 
help to overcome some email filters/scanners.

It seems OE is cutting the file name short to a 
specified length when trying to open it (consequently 
chopping off the real extension), but not cutting it 
short when determining which icon to use. (Note that 
the icon choice doesn't seem to be affected like this 
with the subject overflow problem.)

The following is an example which will produce 
a 'normal' email, with a standard attachment, 
however the 'filename' of the attachement is four 
characters too long, which just happens to be 
the '.gif' which gets chopped off, leaving just '.vbs'.

The filename displayed for the attachment will 
be 'nicepic.gif', followed by a lot of spaces which 
obviously aren't seen. Adjust the filename size as 
necessary for the client in question. I predict a new 
breed of i-worm to be using this technique in a short 

<snip email.eml>

To: "anyone () home com"
Date: Fri, 19 Jan 2001 18:44:39 +1000
MIME-Version: 1.0
Content-Type: multipart/mixed;

Content-Type: image/gif; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;

set WshShell = WScript.CreateObject



I apologise if this is already known, however I felt it 
should be clarified for this thread.


  By Date           By Thread  

Current thread:
  • HTML.dropper http-equiv () excite com (Jan 17)
    • <Possible follow-ups>
    • Re: HTML.dropper Shane Hird (Jan 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]