Bugtraq mailing list archives
RE: MSIE vulnerability exploitable with IncrediMail
From: RT <roelof () sensepost com>
Date: Sat, 16 Mar 2002 00:58:52 +0000 (GMT)
Immm... Eudora Mail .. automatically saves attachments in <drive>:\program files\qualcomm\eudora\attachments .. right? The (very old) version (4.1) that I have sure does that. And even if you delete the email itself (after opening), or right click on the file and selecting delete - the file stays. So, you just need to get the file in there and have the user visit a corrupted web .. and hey.. presto! Just my 2c on this, Roelof. On Fri, 15 Mar 2002, Thor Larholm wrote: +Isn't {42D00B20-479C-11d4-9706-00105A40931C} a GUID for your user account, +and as such unknown from time to time, making the proposed exploit +unfeasable ? + + +Regards +Thor Larholm +Jubii A/S - Internet Programmer + + ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof () sensepost com +27 83 448 6996 http://www.sensepost.com http://www.hackrack.com
Current thread:
- MSIE vulnerability exploitable with IncrediMail Eric Detoisien (Mar 15)
- MSIE vulnerability exploitable with Eudora (was: IncrediMail) Magnus Bodin (Mar 18)
- <Possible follow-ups>
- RE: MSIE vulnerability exploitable with IncrediMail Thor Larholm (Mar 15)
- RE: MSIE vulnerability exploitable with IncrediMail RT (Mar 18)
- RE: MSIE vulnerability exploitable with IncrediMail Eric Detoisien (Mar 16)
- RE: MSIE vulnerability exploitable with IncrediMail Thor Larholm (Mar 18)
- RE: MSIE vulnerability exploitable with IncrediMail Joachim Thuau (Mar 19)