Full Disclosure mailing list archives
Re: Outlook "cid:" handling - Request for Information
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 16 Oct 2004 21:17:35 -0000
<!-- It has recently come to my attention that it is possible to circumvent functions inside of Microsoft Outlook 2003 and some other MUAs by using href tags containing "cid:". By default such MUAs no longer download web referenced images and objects, however images referenced by "cid:" strings are embedded (as attachments with special names) within the e-mail. Contrary to the policy of not downloading images, it would seem that these are packaged with the mail (decentralised) AND are displayed despite non-image download policies. -->

The download restriction is in reference to remote files. CID: is 'content id'; it references the content of the appropriate boundary of the MIME mail message. Which in this case would be an image. The image is encoded and embedded within the mail message itself. Not on a remote server and does not/cannot download. It is a link inside the email to an encoding of the image which is then rendered. For example:

<img src="cid:malware">

------=_NextPart_000_0004_01C4B234.2209FD20
Content-Type: image/gif; name="youlickit[1].gif"
Content-Transfer-Encoding: base64
Content-ID: <malware>

R0lGODlhogCiAOb/AP////8hAP8QAP8AAPdCAPcAAO97AO8IAOfeQufWUuetY+eUA
N7OEN7OAN7G

Simply put, it is connecting to the base64 encoded image within the email message by identifying it with the name malware. As http is to a webserver, so CID is to the content of the mail message. It's not being downloaded from anywhere other than from within the mail message.

However, if what you are after is to not view images, the only way is to accept all email in plain text. But in Outlook Express [maybe Outlook 2003, haven't checked], an attached image file, even in a plain text message, will be rendered. It is a machine generated CID like this:

<CENTER><IMG SRC="CID:{F69034DE-F779-4AA2-B5A9-7413133C2A29}/malware.JPG"></CENTER>

This harkens back to the day of the 'slide show' feature in Outlook Express. But again it is not retrieved remotely, rather from within the email message itself via the CID.

You may try some sort of filter in Outlook 2003 or definitely on the server to remedy whatever is concerning you.

--
http://www.malware.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
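The distinction drawn in the message above, between an image resolved from a MIME part by Content-ID and one fetched from a remote server, is what a server-side filter would need to make. This is an added example, not part of the original post; the sample message, the hostnames and the function name classify_images are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import unquote

# Constructed sample message; only the "malware" Content-ID name is from the post.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="us-ascii"

<img src="cid:malware">
<img src="http://remote.example.test/pixel.gif">
<img src="cid:missing">
--BOUND
Content-Type: image/gif; name="sample.gif"
Content-Transfer-Encoding: base64
Content-ID: <malware>

R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
--BOUND--
"""

IMG_SRC = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def classify_images(raw):
    """Return (src, kind, content_type) for every <img> in the HTML parts."""
    msg = message_from_string(raw, policy=policy.default)
    embedded, html_parts = {}, []
    for part in msg.walk():
        cid = part.get("Content-ID")
        if cid:  # index each MIME part by its Content-ID, brackets stripped
            embedded[str(cid).strip().strip("<>")] = part.get_content_type()
        if part.get_content_type() == "text/html":
            html_parts.append(part.get_content())
    results = []
    for html in html_parts:
        for src in IMG_SRC.findall(html):
            if src.lower().startswith("cid:"):
                cid = unquote(src[4:])  # cid: URLs are percent-encoded
                kind = "embedded" if cid in embedded else "dangling-cid"
                results.append((src, kind, embedded.get(cid)))
            else:
                kind = "remote" if re.match(r"https?://", src, re.I) else "other"
                results.append((src, kind, None))
    return results
```

Only the entries classified as "remote" would cause a network fetch when rendered; "embedded" entries are already inside the message, so a filter that wants them hidden has to strip or rewrite the part itself.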
Current thread:
- Outlook "cid:" handling - Request for Information James Tucker (Oct 14)
- <Possible follow-ups>
- Re: Outlook "cid:" handling - Request for Information http-equiv () excite com (Oct 16)