Full Disclosure: Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS

From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Mon, 24 Jan 2005 10:29:31 -0500

so then the bottom line is that there is a bug. When files are beingtransfered they should also be identified via the content of the filerather than the extension...

-KF

The second one is also know feature, the file type is not determinated
from the extension but from the content of the file. So a sis package
renamed to an jpeg file still looks from the inside as a sis package and
so the user is prompted for installation.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

2 vulnerabilities combine to auto execute received files in Nokia series 60 OS rohit (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS KF (lists) (Jan 24)
  - Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Valdis . Kletnieks (Jan 24)
- RE: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Paul Kurczaba (Jan 24)
  - Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Thierry Zoller (Jan 24)
  - Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Anders Langworthy (Jan 24)
  - Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS dk (Jan 24)