Outlook \r expliots - ripMIME fix.

From: Paul L Daniels (pldaniels@pldaniels.com)
Date: 02/18/02

• Previous message: David F. Skoll: "Re: Non existing attachments, more info"
• In reply to: Gary McGraw: "Microsoft compiler flaw, Cigital responds"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 18 Feb 2002 15:43:53 +1000
From: Paul L Daniels <pldaniels@pldaniels.com>
To: pldaniels@pldaniels.com

A recent announcement of ripMIME 1.2.12 has been superceded with a new release which covers several issues as mentioned in 3APA3A@SECURITY.NNOV.RU's content-exploits analysis post.

Specifically,

        "\0 data poisoning" and "fake-end-of-line termination" (due to fgets()) have been immediately covered.

Issues with UTF formatting is still present (although detection of the data content is not affected, as content-scanners should not use the file name as anything more than a subtle-guide).

        ripMIME is available at http://pldaniels.org/ripmime

Regards.

-- 
Paul L Daniels    http://www.pldaniels.com
Linux/Unix systems    Internet Development
ICQ#103642862,AOL:cinflex,IRC:inflex 
A.B.N. 19 500 721 806

---

• Previous message: David F. Skoll: "Re: Non existing attachments, more info"
• In reply to: Gary McGraw: "Microsoft compiler flaw, Cigital responds"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)