Vulnerability Development mailing list archives
RE: The Dangers of Email Archives
From: Tim Hollebeek <thollebeek () cigital com>
Date: Thu, 25 Oct 2001 13:33:57 -0400
While this product itself doesn't have a hole in it, it is often used to help to translate mail for other archiving software. I've seen in some examples that email was translated with this tool and archived with other software, and html tags were translated/executed as normal.
There are lots of reasonably similar flaws. I scared the **** out of myself when I got a javascript error while reading the Nimda analysis posted to securityfocus.com. Parts were generated by just putting <pre> around the relevant code from Nimda, but IE is more than happy to interpret <script> within <pre>, which caused me to worry that the securityfocus.com page had been rewritten by Nimda, until I looked a bit closer.

Be very, very careful how you deal with converting text to html and back.

Tim Hollebeek
Research Scientist
Cigital Labs
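The <pre> problem described in the message above, as an added Python example that is not part of the original post: a text-to-HTML step that only wraps the body in <pre> is compared with one that escapes first, and an HTML parser reports which elements a browser would see. The sample body and all function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a plain-text message that quotes script markup.
SAMPLE_BODY = (
    "The page source contains:\n"
    '<script>alert("archived mail")</script>\n'
    "Unrelated text: if a < b && b > c then ...\n"
)

def naive_to_html(text):
    """The 'before' case: wrap raw text in <pre> without escaping."""
    return "<pre>" + text + "</pre>"

def safe_to_html(text):
    """Escape &, <, > and quotes first, then wrap in <pre>."""
    return "<pre>" + html.escape(text, quote=True) + "</pre>"

class TagCollector(HTMLParser):
    """Records every element and all character data a parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def parsed(markup):
    """Return (element names, decoded text) for a piece of markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)

def round_trips(text):
    """True if the safe output holds only <pre> and decodes back to text."""
    tags, shown = parsed(safe_to_html(text))
    return tags == ["pre"] and shown == text

if __name__ == "__main__":
    print("naive:", parsed(naive_to_html(SAMPLE_BODY))[0])
    print("safe: ", parsed(safe_to_html(SAMPLE_BODY))[0])
    print("round trip ok:", round_trips(SAMPLE_BODY))
```

The round-trip check is worth keeping as a regression test in any archiver: it fails both when markup leaks through and when escaping is applied twice.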