Bugtraq mailing list archives

RE: Notepad popups in Internet Explorer and Outlook

From: "Thor Larholm" <thor () pivx com>
Date: Tue, 5 Aug 2003 15:34:06 -0700

The problem at hand is not one of Notepad or the view-source protocol,
but of the behavior inherant to Internet Explorer on how to handle
certain mimetypes and protocols. Your advisory (good as it is)
highlights an example of the problem, but disregards the larger picture.

Whether or not a specific mimetype or protocol will be automatically
opened by the MSHTML renderer is controlled by the EditFlag registry
key. Changing bit 0 of byte 2 controls whether the Open/Save dialog box
appears or if the content is automatically opened.

You could e.g. use this to disable the automatic opening of MIDI files,
which would be a very quick way for most domain administrators to
efficiently disable the MIDI exploit from last week.

You can read more about EditFlag at
http://www.cpcug.org/user/clemenzi/technical/WinExplorer/WinExplorerEdit
Flags.htm or http://perso.wanadoo.fr/tmcd2/Types.htm

As such, this problem is not limited to plaintext messages, but extends
to other types of data and other protocols.

It's funny that you have looked into this now, I am currently writing up
some stuff about inline embedding and automatic execution of media data
and exe files in emails (MHTML/EML) which covers the broader picture. I
guess the cat is out of the bag now, might as well release that soon ;)


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher



-----Original Message-----
From: Richard M. Smith [mailto:rms () computerbytesman com] 
Sent: Monday, August 04, 2003 11:58 AM
To: BUGTRAQ@SECURITYFOCUS. COM
Subject: Notepad popups in Internet Explorer and Outlook


Hi,

Do Notepad popups represent a security risk or are they simply another
way for spammers and marketers to annoy us? Because of a design flaw in
Internet Explorer, Notepad popup windows can be displayed from an HTML
email message or Web page regardless of browser security settings. In
addition, Notepad popups can access files on a hard disk, possibilly
causing stability problems in a Windows saystem. 

For more details, see: 

  http://www.computerbytesman.com/security/notepadpopups.htm

Question:  What kind of operating system allows an email message to
automatically start up a text editor to change a system file?

Richard M. Smith
http://www.ComputerBytesMan.com

Current thread:

Notepad popups in Internet Explorer and Outlook Richard M. Smith (Aug 05)
- <Possible follow-ups>
- RE: Notepad popups in Internet Explorer and Outlook Thor Larholm (Aug 05)