Bugtraq mailing list archives
Re: IE and Outlook 5.x allow executing arbitrary programs using . eml files
From: cschoedel () CLICKNET COM (Schoedel, Christine)
Date: Fri, 17 Mar 2000 09:03:14 -0800
It also works on NT Workstation 4.0 SP4, IE 5.00.2314.1003, Outlook 2000. It prompts to save or run - if I choose Run, it works. If I choose Cancel, it works. If I close the box with Esc, it still works. Chris -----Original Message----- From: Ryan Russell [mailto:ryan () SECURITYFOCUS COM] Sent: Wednesday, March 15, 2000 9:25 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files On Tue, 14 Mar 2000, Georgi Guninski wrote:
Georgi Guninski security advisory #9, 2000 IE and Outlook 5.x allow executing arbitrary programs using .eml files
Works fine on NT4 Server, SP5, IE 5.00.2919.6307, but it prompts whether I want to save it or run it. If I run it, wordpad is launched. This is from the web page demo. Ryan
Current thread:
- Re: IE and Outlook 5.x allow executing arbitrary programs using . eml files Schoedel, Christine (Mar 17)