Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE and Outlook 5.x allow executing arbitrary programs using . eml files

From: cschoedel () CLICKNET COM (Schoedel, Christine)
Date: Fri, 17 Mar 2000 09:03:14 -0800

It also works on NT Workstation 4.0 SP4, IE 5.00.2314.1003, Outlook 2000.
It prompts to save or run - if I choose Run, it works.  If I choose Cancel,
it works.  If I close the box with Esc, it still works.

Chris

-----Original Message-----
From: Ryan Russell [mailto:ryan () SECURITYFOCUS COM]
Sent: Wednesday, March 15, 2000 9:25 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: IE and Outlook 5.x allow executing arbitrary programs using
.eml files

On Tue, 14 Mar 2000, Georgi Guninski wrote:


Georgi Guninski security advisory #9, 2000

IE and Outlook 5.x allow executing arbitrary programs using .eml files



Works fine on NT4 Server, SP5, IE 5.00.2919.6307, but it prompts whether I
want to save it or run it.  If I run it, wordpad is launched.  This is
from the web page demo.

                                        Ryan
Previous By Date Next
Previous By Thread Next

Current thread: