Vulnerability Development mailing list archives

Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP)

From: simont () WESTEL900 HU (Simon Tamás)
Date: Mon, 13 Mar 2000 09:32:19 +0100


Hi!

So I might be able to putsome malicious HTML code in my vcard?

Be careful next time :-)

S.T.

Mikael Olsson wrote:


Speaking of software doing anwanted automatic processing,
I just saw one member of this list do something I didn't
think was possible.

See this vcard attachment:

Content-Type: text/x-vcard; charset=iso-8859-2; name="simont.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Simon TamÃ¡s
Content-Disposition: attachment; filename="simont.vcf"

begin:vcard
n:Simon;TamÃ¡s
tel;cell:3630305510
x-mozilla-html:TRUE
url:www.westel900.hu
org:<IMG SRC="http://users.westel900.net/amk/images/wlogo.gif";>;Special
Project
adr:;;KaposvÃ¡r str. 5-7;Budapest;;1117;Hungary
version:2.1
email;internet:simont () westel900 hu
title:www sw  engineer
x-mozilla-cpt:;-1
fn:Simon TamÃ¡s
end:vcard

Look at the IMG SRC tag.

Why is my nutscrape parsing the vcard contents as HTML? Is this intended
behaviour?

I had the idea a while back to implement a mail filter that kills anything
looking
like HTML (ie stripping all tags from text/html mime sections), but this
example
shows me the futility of that effort. Ack.

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 Ã–RNSKÃ–LDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se


<HR NOSHADE>
<UL>
<LI>text/x-vcard attachment: Card for Simon Tam\s
</UL>

Current thread:

Re: spoofing the ethernet address, (continued)
- - - Re: spoofing the ethernet address Dimitrios Petropoulos x9234 Singer / 4 (Mar 08)
    - [Q] CORBA, IIOP Simon Tamás (Mar 08)
    - Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Mikael Olsson (Mar 09)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Nicolas Justin (Mar 10)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Liviu Daia (Mar 10)
    - MS Frontpage shtml.dll Path Leak Vulnerability Greg (Mar 12)
    - NT 4.0 (Workstation) Logon Authentication Vulnerability jhw1970 () HOTMAIL COM (Mar 14)
    - Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Phil Cox (Mar 14)
    - Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
    - Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
    - (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
    - Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)
    - Extending the FTP "ALG" vulnerability to any FTP client Mikael Olsson (Mar 10)
    - DoS in ArGoSoft FTP Server, Version 1.04 (1.0.4.4) for win* Knud Erik Højgaard (Feb 11)
    - Re: Extending the FTP "ALG" vulnerability to any FTP client Dug Song (Mar 11)
    - Security auditing of network infrastructure Martin M Samson (Mar 11)
    - information being stored from cgi forms Bob Johnson (Mar 10)
    - Re: information being stored from cgi forms Crispin Cowan (Mar 10)
- Re: spoofing the ethernet address Timothy J. Miller (Mar 13)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 14)

(Thread continues...)