Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS98-008)
From: david () MONY COM (David Kozinn)
Date: Wed, 29 Jul 1998 09:48:50 -0400
At 09:05 PM 7/28/98 , Brett Glass wrote:
I then polled the server with Eudora Pro 4.0.1. When the message came in,
it was garbled and the MIME header with the gigantic file name appeared in the body of the message when it should not have done so. The huge file name was displayed next to an icon, but clicking on the icon did not bring up the attached file; it generated an error message instead. I deleted the message, and the attachment was not deleted with it as it should have been.
I continued to use the mail client, and shortly thereafter it GP faulted.
Interesting. Qualcomm says that its products are not affected here: http://eudora.qualcomm.com/press/ However, the wording there says "... Eudora does not allow any unauthorized programs to be automatically executed on a user's system...", which seems to me that problem with merely receiving long filenames isn't a problem (as it is with the other products), but that a problem doesn't necessarily _not_ exist when you try to explicitly run the (bogus) attachment, as you've seen. -- David Kozinn david () mony com Strategic Services +1-212-708-2080 Mutual Of New York
Current thread:
- Re: Microsoft Security Bulletin (MS98-008) Eric Hunter (Jul 27)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin (MS98-008) Aleph One (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) John Ladwig (Jul 29)
- Re: Microsoft Security Bulletin (MS98-008) David Kozinn (Jul 29)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 29)