Full Disclosure mailing list archives
Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Mon, 24 Jan 2005 10:29:31 -0500
so then the bottom line is that there is a bug. When files are being transfered they should also be identified via the content of the file rather than the extension...
-KF
The second one is also know feature, the file type is not determinated from the extension but from the content of the file. So a sis package renamed to an jpeg file still looks from the inside as a sis package and so the user is prompted for installation.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS rohit (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS KF (lists) (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Valdis . Kletnieks (Jan 24)
- RE: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Paul Kurczaba (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Thierry Zoller (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Anders Langworthy (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS dk (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS KF (lists) (Jan 24)