Hi,
Microsoft has released a security bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to
Execute E-mail Attachment".
EML files are MIME multipart files that IE 5 will
parse. There is a vulnerability allowing arbitrary code execution using this
kind of files. This vulnerabiliy could allow an hostile page or e-mail to
perform any action on your computer. The vulnerability affects IE 5, IE 5.5 over
all windows platforms.
I have prepared some demos about the vulnerability
in www.kriptopolis.com (major
spanish security site) :
Note : It you want to have a look to
the hostile EML files you must click the right mouse button over the
pictures and select the "Save Target As" menu option.
Regards,
Juan Carlos G. Cuartango
|
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Juan Carlos Garcia Cuartango Fri, 30 Mar 2001 07:02:27 -0800
- Re: Incorrect MIME Header Can Cause IE to Exe... Juan Carlos Garcia Cuartango
- Re: Incorrect MIME Header Can Cause IE t... Gossi The Dog