Vulnerability Development mailing list archives
Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP)
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Thu, 9 Mar 2000 09:45:21 +0100
Speaking of software doing anwanted automatic processing, I just saw one member of this list do something I didn't think was possible. See this vcard attachment: Content-Type: text/x-vcard; charset=iso-8859-2; name="simont.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Simon Tamás Content-Disposition: attachment; filename="simont.vcf" begin:vcard n:Simon;Tamás tel;cell:3630305510 x-mozilla-html:TRUE url:www.westel900.hu org:<IMG SRC="http://users.westel900.net/amk/images/wlogo.gif";>;Special Project adr:;;Kaposvár str. 5-7;Budapest;;1117;Hungary version:2.1 email;internet:simont () westel900 hu title:www sw engineer x-mozilla-cpt:;-1 fn:Simon Tamás end:vcard Look at the IMG SRC tag. Why is my nutscrape parsing the vcard contents as HTML? Is this intended behaviour? I had the idea a while back to implement a mail filter that kills anything looking like HTML (ie stripping all tags from text/html mime sections), but this example shows me the futility of that effort. Ack. -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
![http://users.westel900.net/amk/images/wlogo.gif"](http://users.westel900.net/amk/images/wlogo.gif"){kind=link}
Current thread:
- callbook in services ?, (continued)
- callbook in services ? Maurycy Prodeus (Mar 04)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 02)
- Re: spoofing the ethernet address Seth R Arnold (Mar 05)
- Re: spoofing the ethernet address H D Moore (Mar 05)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 06)
- Re: spoofing the ethernet address Buhrmaster, Gary (Mar 06)
- Re: spoofing the ethernet address Pauli Ojanpera (Mar 06)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: spoofing the ethernet address Dimitrios Petropoulos x9234 Singer / 4 (Mar 08)
- [Q] CORBA, IIOP Simon Tamás (Mar 08)
- Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Mikael Olsson (Mar 09)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Nicolas Justin (Mar 10)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Liviu Daia (Mar 10)
- MS Frontpage shtml.dll Path Leak Vulnerability Greg (Mar 12)
- NT 4.0 (Workstation) Logon Authentication Vulnerability jhw1970 () HOTMAIL COM (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Phil Cox (Mar 14)
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
- Re: spoofing the ethernet address Ex Machina [xm] (Mar 07)
- Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
- Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
- (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
- Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)