Bugtraq mailing list archives
Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Wed, 15 Mar 2000 09:12:16 -0800
There's a couple of things that aren't clear here -
IE and Outlook 5.x allow executing arbitrary programs using .eml files
Description: There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably others) which allows executing arbitrary programs using .eml files.
Would this happen to apply to other web browsers, e.g., Netscape?
Details: The problem is creating files in the TEMP directory with known name and arbitrary content.
How does the file get there? Do all .eml files create temp files? I assume another work-around would be to have a user-specific temp directory, such as Windows 2000 uses. David LeBlanc dleblanc () mindspring com
Current thread:
- IE and Outlook 5.x allow executing arbitrary programs using .eml files Georgi Guninski (Mar 14)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles Sylwester Zarębski (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files David LeBlanc (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files Georgi Guninski (Mar 17)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files Ryan Russell (Mar 15)
- [TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1 Katie Moussouris (Mar 15)
- Process hiding in linux Pavel Machek (Mar 15)
- Re: Process hiding in linux Peter W (Mar 17)
- PIX DMZ Denial of Service - TCP Resets Andrew Alston (Mar 20)
- vqserver /........../ Johan Nilsson (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Darren Reed (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Guido van Rooij (Mar 27)
- Re: Process hiding in linux Peter W (Mar 17)
- Re: Process hiding in linux Pavel Machek (Mar 20)