<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: .MHT Buffer Overflow in Internet Explorer

Re: .MHT Buffer Overflow in Internet Explorer

From: Thor Larholm <thor_at_pivx.com>
Date: Sun, 26 Jan 2003 00:23:16 +0100

> From: "jelmer" <jelmer_at_kuperus.xs4all.nl>
> I believe from ie6 SP1 on IE doesn't open any mht files directly from the
> web anymore.
> from the local filesystem it still works though.

That's the funny thing, IE6 SP1 still allows opening MHT files directly from
the web in the Internet Zone, so this is remotely exploitable on websites.

Since MHT files are opened automatically, just like certain other media
files, you can also open an MHT file automatically through an email message
in the Restricted Zone.

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
Received on Mar 12 2003

This message: [ Message body ]
Next message: Mike Bell: "Re: [Summary of Responses] Bound by Tradition: A sampling of the security posture of the Internet's DNS servers"
Previous message: nesumin: "[Opera 7/6] Long Filename Buffer Overflow Vulnerability in Download"
In reply to: jelmer: "Re: .MHT Buffer Overflow in Internet Explorer"
Next in thread: Jouko Pynnonen: "Re: .MHT Buffer Overflow in Internet Explorer"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]