Bugtraq mailing list archives
Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files
From: joro () NAT BG (Georgi Guninski)
Date: Fri, 17 Mar 2000 17:00:34 +0200
David LeBlanc wrote:
There's a couple of things that aren't clear here -IE and Outlook 5.x allow executing arbitrary programs using .eml filesDescription: There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably others) which allows executing arbitrary programs using .eml files.Would this happen to apply to other web browsers, e.g., Netscape?
Netscape Communicator is not affected, don't know for other browsers.
Details: The problem is creating files in the TEMP directory with known name and arbitrary content.How does the file get there? Do all .eml files create temp files? I assume another work-around would be to have a user-specific temp directory, such as Windows 2000 uses.
The file is created by IE or some of its components. AFAIK not all .eml files create temp files. User specific temp directory is better than the default one.
Current thread:
- IE and Outlook 5.x allow executing arbitrary programs using .eml files Georgi Guninski (Mar 14)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .emlfiles Sylwester Zarębski (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files David LeBlanc (Mar 15)
- Re: IE and Outlook 5.x allow executing arbitrary programs using.eml files Georgi Guninski (Mar 17)
- Re: IE and Outlook 5.x allow executing arbitrary programs using .eml files Ryan Russell (Mar 15)
- [TL-Security-Announce] dump-0.4b11-1 and earlier TLSA200007-1 Katie Moussouris (Mar 15)
- Process hiding in linux Pavel Machek (Mar 15)
- Re: Process hiding in linux Peter W (Mar 17)
- PIX DMZ Denial of Service - TCP Resets Andrew Alston (Mar 20)
- vqserver /........../ Johan Nilsson (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Darren Reed (Mar 21)
- Re: PIX DMZ Denial of Service - TCP Resets Guido van Rooij (Mar 27)
- Re: Process hiding in linux Peter W (Mar 17)
- Re: Process hiding in linux Pavel Machek (Mar 20)
- Security Bulletins Digest Aleph One (Mar 20)