IDS mailing list archives
HELP ON POP3 FALSE ATTACHMENT SIGNATURE
From: "Aravinda T" <aravindat () internettrends co in>
Date: Mon, 16 Jun 2003 11:08:08 +0530
Hi all, In our company we are developing a host based IDS for all windows platforms.In that they asked me to write code for detecting POP3 false attachment attack.I am giving the description of this attack below. Description: Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as an attachment to the message. If this string is properly constructed, it can be executable and capable of performing hostile actions on the vulnerable host. This can also be used to circumvent Outlook's dangerous file security feature. So, pls help me for writing signature of this attack.Any info regarding this one is highly appreciated. Thanks and regards, Aravind. ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- HELP ON POP3 FALSE ATTACHMENT SIGNATURE Aravinda T (Jun 17)
- Re: HELP ON POP3 FALSE ATTACHMENT SIGNATURE Srinivasa Rao Addepalli (Jun 18)