Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS98-008)

From: david () MONY COM (David Kozinn)
Date: Wed, 29 Jul 1998 09:48:50 -0400


At 09:05 PM 7/28/98 , Brett Glass wrote:

I then polled the server with Eudora Pro 4.0.1. When the message came in,

it was garbled and the MIME header with the gigantic file name appeared in
the body of the message when it should not have done so. The huge file name
was displayed next to an icon, but clicking on the icon did not bring up
the attached file; it generated an error message instead. I deleted the
message, and the attachment was not deleted with it as it should have been.


I continued to use the mail client, and shortly thereafter it GP faulted.


Interesting. Qualcomm says that its products are not affected here:
http://eudora.qualcomm.com/press/

However, the wording there says "... Eudora does not allow any unauthorized
programs to be automatically executed on a user's system...", which seems
to me that problem with merely receiving long filenames isn't a problem (as
it is with the other products), but that a problem doesn't necessarily
_not_ exist when you try to explicitly run the (bogus) attachment, as
you've seen.
--
David Kozinn                    david () mony com
Strategic Services             +1-212-708-2080
Mutual Of New York

Current thread:

Re: Microsoft Security Bulletin (MS98-008) Eric Hunter (Jul 27)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin (MS98-008) Aleph One (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
  - Re: Microsoft Security Bulletin (MS98-008) John Ladwig (Jul 29)
  - Re: Microsoft Security Bulletin (MS98-008) David Kozinn (Jul 29)
    - Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 29)