Does anyone know which MIME types will be executed automatically?
Microsoft is conspicuously silent on this, perhaps in an attempt
to discourage exploits. But failure to disclose the MIME types
affected also prevents administrators from filtering e-mail
attachments of those types -- which I'd like to do, since
Microsoft's patches (by its own admission) do not solve the
entire problem.
--Brett Glass

At 08:00 PM 3/29/2001, Microsoft Product Security wrote:
>The following is a Security Bulletin from the Microsoft Product Security
>Notification Service.
>
>Please do not reply to this message, as it was sent from an unattended
>mailbox.
> ********************************
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>- ----------------------------------------------------------------------
>Title: Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment
>Date: 29 March 2001
>Software: Microsoft Internet Explorer
>Impact: Run code of attacker's choice.
>Bulletin: MS01-020
>
>Microsoft encourages customers to review the Security Bulletin
>at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
>- ----------------------------------------------------------------------