Full Disclosure mailing list archives
RE: Xmas virus on the cards ?
From: "security squirrel" <secsquirrel () lycos com>
Date: Thu, 18 Dec 2003 11:27:09 -0400
It all sounds very much like he's talking about the renamed html - jpg file on the HTTP server. However, they say the following: "To avoid difficulties, firms should check their mail filtering systems to ensure they handle emailed images in the same way as other HTML traffic, and should also educate users about this issue." This indicates that the mail filtering system should be handling the renamed image file, which logically should also mean that the renamed image file is in the email.
In short, when IE is NOT given any other hints as to the type of content of a particular link - that is, the link does not come from <A IMG...> or an HTML email message with MIME type information in it, but simply is pointed right at http://foo.com/I_am_not_really_an_image.JPG - IE will evaluate the header bytes of the object, a la the UNIX "file" command, and if it is one of, I think, 28 formats that IE can puzzle out, IE will "helpfully" launch it with the "correct" handler application.
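The filtering check discussed in the message above, as an added example that is not part of the original post: a mail or proxy filter compares what a file's name claims against what its leading bytes actually are, so an HTML document renamed to `.JPG` is handled as HTML. The function names, the 256-byte sniff window, the tag list and the sample inputs are assumptions constructed for illustration.

```python
import re

# Well-known leading signatures for the image types an extension may claim.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "bmp": (b"BM",),
}

# Tags near the start of a body that suggest a client may render it as HTML.
# The tag list is an assumption for this example, not IE's actual rule set.
HTML_HINT = re.compile(
    rb"<\s*(!doctype|html|head|body|script|iframe|object|meta)\b", re.I)


def classify(filename: str, body: bytes, sniff_len: int = 256) -> str:
    """Return 'ok', 'html-as-image', 'mismatch' or 'not-image'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "not-image"          # extension does not claim to be an image
    head = body[:sniff_len]
    # Check for markup first: a body that merely starts with image magic but
    # carries HTML in its header bytes is still treated as suspicious.
    if HTML_HINT.search(head):
        return "html-as-image"
    if any(head.startswith(m) for m in magics):
        return "ok"
    return "mismatch"               # claims image, but bytes are something else


# Constructed sample inputs (name, leading bytes); none come from the thread.
SAMPLES = [
    ("card.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"),
    ("I_am_not_really_an_image.JPG", b"<html><body>hello</body></html>"),
    ("photo.gif", b"MZ\x90\x00\x03\x00"),
    ("notes.txt", b"plain text"),
]


def scan(samples):
    """Map each sample name to its verdict."""
    return {name: classify(name, body) for name, body in samples}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:14} {name}")
```
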