Bugtraq mailing list archives

%25c double-parse vulnerability exploitable via email


From: yehuda <yehuda () essutton com>
Date: Wed, 16 May 2001 11:58:00 -0400

        This may be obvious, but even if a server is not accessible to the
internet, you can exploit it via email. All you need is the following
information:

1 - an email address on their network. It must be one that someone will
read, and the person must be using a reader that renders html mail.
2 - the hostname or IP of the win2k server

All you need to do is craft an HTML email to your mail user (see 1 above)
with the %25c double-parse vulnerability as a URL in the mail message.
(Use an img tag so it will run automatically and attempt to download an
"image".)

User reads the message, and blammo!

        If an administrator feels he doesn't need to patch his win2k server
because it's not available on the internet, think again.
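As an added example (not part of the original post), a log check from the defender's side: it decodes each requested path a second time, as the affected server does, and flags requests whose traversal only shows up after that second decode. The log format, the client addresses and the requested paths are constructed placeholders, not real exploit strings; in the email scenario above the flagged client would be an internal workstation.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (date time client-ip method uri-stem uri-query status).
# Requested paths are illustrative placeholders, not real targets.
SAMPLE_LOG = """\
2001-05-16 11:58:01 10.0.0.7 GET /default.htm - 200
2001-05-16 11:58:03 10.0.0.7 GET /images/logo.gif - 200
2001-05-16 11:58:04 10.0.0.7 GET /scripts/..%255c..%255cprivate/config.txt - 200
2001-05-16 11:58:05 10.0.0.9 GET /scripts/..%252f..%252fprivate/config.txt - 404
2001-05-16 11:58:06 10.0.0.9 GET /docs/..%2fnotes.txt - 404
"""

# A ".." path component delimited by "/" or "\" (or the ends of the string).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def classify(uri):
    """Label a request path by when its directory traversal becomes visible.

    "traversal":    visible in the raw path or after ONE percent-decode.
    "double-parse": only visible after a SECOND decode, i.e. the pattern a
                    server that decodes once for its security check and again
                    before opening the file would miss (the bug discussed above).
    None:           no traversal found.
    """
    once = unquote(uri)
    twice = unquote(once)
    if TRAVERSAL.search(once):
        return "traversal"
    if twice != once and TRAVERSAL.search(twice):
        return "double-parse"
    return None


def scan(log_text):
    """Return (client, uri, label) for every suspicious request in the log."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        client, uri = fields[2], fields[4]
        label = classify(uri)
        if label:
            hits.append((client, uri, label))
    return hits
```

Because the check mirrors the server's own double decode, a single-encoded "..%2f" is reported separately from the "%25..." form that actually slips past a once-decoding filter.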

