Bugtraq mailing list archives
Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles
From: sylwek () ISP NET PL (Sylwester Zarębski)
Date: Wed, 15 Mar 2000 10:55:07 +0100
Georgi Guninski wrote:
Georgi Guninski security advisory #9, 2000 IE and Outlook 5.x allow executing arbitrary programs using .eml files Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this program. Georgi Guninski, bears NO responsibility for content or misuse of this program or any derivatives thereof. Description: There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably others) which allows executing arbitrary programs using .eml files. This may be exploited when browsing web pages or openining an email message in Outlook. This may lead to taking control over user's computer. It is also possible to read and send local files. Details: The problem is creating files in the TEMP directory with known name and arbitrary content. One may place a .chm file in the TEMP directory which contains the "shortcut" command and when the .chm file is opened with the showHelp() method programs may be executed. This vulnerability may be exploited by HTML email message in Outlook.
[..cut..]
Demonstration which starts Wordpad: http://www.nat.bg/~joro/eml.html Workaround: Disable Active Scripting.
This doesn't work for my Win2000 with IE5.0. It only prompts me for saving *.chm file, without running. I can accept this and run, but this exclude working background. -- pozdrawiam.. ## ## | Sylwester ZarĂŞbski - ISP Group | #### ## | e-mail: sylwek () isp net pl | ## ## ## | ICQ uin: #45780888 | ## #### ## | Administrator ISP.NET.PL |
Current thread:
- IE and Outlook 5.x allow executing arbitrary programs using .eml files Georgi Guninski (Mar 14)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles Sylwester Zarębski (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files David LeBlanc (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files Georgi Guninski (Mar 17)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files Ryan Russell (Mar 15)
- [TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1 Katie Moussouris (Mar 15)
- Process hiding in linux Pavel Machek (Mar 15)
- Re: Process hiding in linux Peter W (Mar 17)
- PIX DMZ Denial of Service - TCP Resets Andrew Alston (Mar 20)
- vqserver /........../ Johan Nilsson (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Darren Reed (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Guido van Rooij (Mar 27)
- Re: Process hiding in linux Peter W (Mar 17)