RE: Security Note: File extensions spoofable in MSIE download dialog
From: Brian Cervenka (focus-ms@zerobelow.org) Date: 12/12/01
Date: Wed, 12 Dec 2001 13:23:00 -0800 (PST) From: Brian Cervenka <focus-ms@zerobelow.org> To: focus-ms@securityfocus.com
Well, on a similar note, that type of thing can be done in older versions
of Outlook:
Pine gives me a line where I can select a file name:
Attchmnt: 1. /home/blah/test.bat (22 B) "test.txt"
If I send this to an Outlook client, the client refers to the file as
test.txt everywhere (clicking the paperclip, to open it, and such)... but
when I click "Open this" it will actually run the batch file.
The headers when they show up at Outlook are:
--1363184398-182022148-1008191960=:7769
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="test.bat"
Content-Transfer-Encoding: BASE64
Content-Description: test.txt
Content-Disposition: attachment; filename="test.bat"
Now, on a fully patched version of Outlook, I can no longer open the
attachment, but instead get the message:
Outlook blocked access to the following potentially unsafe attachments:
test.txt
(And this also works on .exe files, etc. too.)
--brian
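The mismatch in the headers quoted above (Content-Description says test.txt while Content-Type name= and Content-Disposition filename= say test.bat) is something a mail gateway or log parser can flag before the client ever sees the part. The following is an added example, not code from the original post; it uses only the Python standard library, and the list of extensions treated as executable is an assumption for the example.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Extensions a gateway would treat as executable (assumed list for this example).
EXECUTABLE_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".js", ".pif", ".scr", ".vbs"}

# Constructed sample: the attachment headers quoted in the post, as one MIME part.
SAMPLE_PART = (
    'Content-Type: TEXT/PLAIN; charset=US-ASCII; name="test.bat"\n'
    "Content-Transfer-Encoding: BASE64\n"
    "Content-Description: test.txt\n"
    'Content-Disposition: attachment; filename="test.bat"\n\n'
)


def extension_of(name):
    """Lower-cased extension including the dot, or '' when there is none."""
    name = name.strip().lower()
    return name[name.rfind("."):] if "." in name else ""


def advertised_names(raw_part):
    """Collect every file name a part advertises, keyed by the header it came from."""
    part = message_from_string(raw_part)
    names = {}
    ctype_name = part.get_param("name")                      # name= on Content-Type
    disp_name = part.get_param("filename", header="content-disposition")
    desc = part.get("Content-Description")
    if ctype_name:
        names["Content-Type name"] = collapse_rfc2231_value(ctype_name)
    if disp_name:
        names["Content-Disposition filename"] = collapse_rfc2231_value(disp_name)
    if desc:
        names["Content-Description"] = desc.strip()
    return names


def check_attachment(raw_part):
    """Return findings for one MIME part: inconsistent names, executable extensions."""
    names = advertised_names(raw_part)
    # Only names carrying an extension join the consistency check, since
    # Content-Description is free text and need not be a file name at all.
    exts = {hdr: extension_of(n) for hdr, n in names.items() if extension_of(n)}
    findings = []
    if len(set(exts.values())) > 1:
        findings.append("name mismatch: " + ", ".join(f"{h}={n}" for h, n in names.items()))
    for hdr, ext in exts.items():
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable extension {ext} in {hdr}")
    return findings
```

Run `check_attachment(SAMPLE_PART)` to get one mismatch finding plus one executable-extension finding per header naming test.bat; a part whose headers agree on a non-executable name yields an empty list.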