Full Disclosure mailing list archives
RE: How often are IE security holes exploited?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 13 Dec 2002 09:17:26 -0600
Nick, wasn't that Braid? (The damn viruses all seem to run together now, there's so many of them.) Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
-----Original Message----- From: Nick FitzGerald [mailto:nick () virus-l demon co uk] Sent: Friday, December 13, 2002 2:15 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] How often are IE security holes exploited? I forget exactly which offhand (perhaps the first Yaha or something just before it?) took advantage of the CR-only (or LF-only??) line break issue, in which many Unix mail servers will incorrectly pass what should be CRLF line-terminations and are otherwise invalid characters in standard SMTP traffic. Several content filter and AV Email scanner parsers "mis-handled" these messages, missing the attachments entirely (why these products were not written from the beginning to "fail closed" has still not been satisfactorily answered) and passing the bad messages on. Of course, Outlook and/or OE "happily" saw the messages as intended and they would detach and run the atatchments (and of course the users, feeling "safe" because they knew their Email was scanned for bad things, happily double-clicked away...).
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- How often are IE security holes exploited? Richard M. Smith (Dec 12)
- Re: How often are IE security holes exploited? Blue Boar (Dec 12)
- Re: How often are IE security holes exploited? zeno (Dec 12)
- Re: How often are IE security holes exploited? Nick FitzGerald (Dec 12)
- Re: How often are IE security holes exploited? Blue Boar (Dec 13)
- <Possible follow-ups>
- RE: How often are IE security holes exploited? Schmehl, Paul L (Dec 12)
- RE: How often are IE security holes exploited? Richard M. Smith (Dec 12)
- RE: How often are IE security holes exploited? Nick FitzGerald (Dec 13)
- RE: How often are IE security holes exploited? Richard M. Smith (Dec 12)
- Re: How often are IE security holes exploited? gobbbles (Dec 13)
- RE: How often are IE security holes exploited? Schmehl, Paul L (Dec 13)
- Re: How often are IE security holes exploited? Blue Boar (Dec 12)