Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Outlook Express Attachment Property Spoofing Vulnerabilities

From: full-disclosure () lists netsys com (Jack)
Date: Sat, 20 Jul 2002 15:22:40 -0000
It's in the archives. They can't be bothered. More important and 
serious concerns to attend to.

As far as they are concerned, as long as there is "a warning" 
dialogue, it is up to the user to accept or not accept. They as the 
vendor have done there job as long as there is warning.  Thereafter, 
tough luck to you if you get snagged.

Strange philosophy.

----- Original Message ----- 
From: Roland Postle 
To: full-disclosure () lists netsys com 
Sent: Saturday, July 20, 2002 11:06 AM
Subject: Re: [Full-disclosure] Re: Outlook Express Attachment 
Property Spoofing Vulnerabilities


So why hasn't MS fixed them then? Will it take a big email virus, and 
more
mass hysteria, before they do?

Personally I get sent a lot of virus and rely on knowing the 
extension. They
frequently use the spaces before extension vulnerability (so I'll get
somthing like 'hello.mp3     .scr') but I always notice these before 
opening
them anyway. However, combined with the other vulnerabilities you 
mention I
could probably be tricked into opening a virus. God help the clueless
people.

- Blazde

----- Original Message -----
From: "Jack" <jack () malware com>
To: <news () securiteam com>; <bugtraq () securityfocus com>;
<full-disclosure () lists netsys com>
Cc: <mattmurphy () kc rr com>
Sent: Saturday, July 20, 2002 2:27 PM
Subject: [Full-disclosure] Re: Outlook Express Attachment Property 
Spoofing
Vulnerabilities



Dude, they are all two years old:

http://www.securityfocus.com/bid/2260
http://www.securityfocus.com/bid/3271




_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure
Previous By Date Next
Previous By Thread Next

Current thread: