Bugtraq mailing list archives

Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files


From: joro () NAT BG (Georgi Guninski)
Date: Fri, 17 Mar 2000 17:00:34 +0200


David LeBlanc wrote:

There's a couple of things that aren't clear here -

IE and Outlook 5.x allow executing arbitrary programs using .eml files

Description:
There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
others) which allows executing arbitrary programs using .eml files.

Would this happen to apply to other web browsers, e.g., Netscape?


Netscape Communicator is not affected, don't know for other browsers.

Details:
The problem is creating files in the TEMP directory with known name and
arbitrary content.

How does the file get there?  Do all .eml files create temp files?  I
assume another work-around would be to have a user-specific temp directory,
such as Windows 2000 uses.


The file is created by IE or some of its components. AFAIK not all .eml
files create temp files.
User specific temp directory is better than the default one.
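
An added example, not part of the original post or of any vendor code: a Python sketch contrasting a file written under a known name in a shared TEMP directory with one written under a random name inside an owner-only directory, the direction the user-specific temp directory workaround points in. The function names and the sample file name `part1.dat` are hypothetical, and `store_weak` is a constructed stand-in, since the thread does not say how IE chooses the name.

```python
import os
import stat
import tempfile


def store_weak(shared_temp, supplied_name, data):
    # Constructed stand-in for the flawed pattern: the on-disk name is taken
    # from the message, so the sender knows the full path in advance.
    path = os.path.join(shared_temp, os.path.basename(supplied_name))
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def store_hardened(user_base, data):
    # mkdtemp: new directory with a random name, mode 0700 (owner only).
    private_dir = tempfile.mkdtemp(prefix="msg-", dir=user_base)
    # mkstemp: random name, exclusive creation, mode 0600. The name carried
    # in the message is never used on disk.
    fd, path = tempfile.mkstemp(suffix=".bin", dir=private_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def is_owner_only(path):
    # True when group and other have no permission bits set (POSIX modes).
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        data = b"constructed sample content"
        print("weak:    ", store_weak(base, "part1.dat", data))
        print("hardened:", store_hardened(base, data))
```

The permission check is meaningful on POSIX systems; on Windows the equivalent control is the ACL on the per-user profile temp directory.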

