Full Disclosure mailing list archives
RE: Administrivia: Testing Emergency Virus Filter..
From: "Dowling, Gabrielle" <dowlingg () sullcrom com>
Date: Thu, 21 Aug 2003 00:40:18 -0400
Paul..... Are you sure that this is true? I know there was an autoexecution concern with MiMail, for general unzip, but was wrong to begin with with respect to that but even the initial post found it was not a concern with the XP unzipping functionality. I have never seen the XP unzip cause code to autoexecute. The problem with Mimail was that if you chose to unzip it with PKUnzip and and then open , and if you didn't have an Outlook Express patch in place, the code within it would autoexcute because IE relies on OE to render MHTMA code (and I'm probably wrong about the nomenclature of that.....But in a nutshell, MS was not very good about describing that the OE vuln affected IE users when they released the patch. Regards, Gaby -----Original Message----- From: Schmehl, Paul L [mailto:pauls () utdallas edu] Sent: Wednesday, August 20, 2003 11:08 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Administrivia: Testing Emergency Virus Filter..
-----Original Message----- From: Jeroen Massar [mailto:jeroen () unfix org] Sent: Wednesday, August 20, 2003 8:14 AM To: 'Richard M. Smith'; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Administrivia: Testing Hint for the new generation of virusmakers: Zip thou virii ;)
Bzzzt. Already done. Yaha sends zipped copies of itself, neatly taking advantage of the "feature" in Windows XP that "understands" what a zip file is and automatically asks you if you'd like to extract the contents, which it will then execute automatically. (Another sign of brain dead-ness in Redmond.) Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Administrivia: Testing Emergency Virus Filter.., (continued)
- Re: Administrivia: Testing Emergency Virus Filter.. Valdis . Kletnieks (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Paul Schmehl (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 21)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 20)
- Re: Re: Administrivia: Testing Emergency Virus Filter.. Thor Larholm (Aug 21)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 21)