Full Disclosure mailing list archives

Re: Outlook Express Attachment Property Spoofing Vulnerabilities

From: full-disclosure () lists netsys com (Roland Postle)
Date: Sat, 20 Jul 2002 16:06:18 +0100

So why hasn't MS fixed them then? Will it take a big email virus, and more
mass hysteria, before they do?

Personally I get sent a lot of virus and rely on knowing the extension. They
frequently use the spaces before extension vulnerability (so I'll get
somthing like 'hello.mp3     .scr') but I always notice these before opening
them anyway. However, combined with the other vulnerabilities you mention I
could probably be tricked into opening a virus. God help the clueless
people.

- Blazde

----- Original Message -----
From: "Jack" <jack () malware com>
To: <news () securiteam com>; <bugtraq () securityfocus com>;
<full-disclosure () lists netsys com>
Cc: <mattmurphy () kc rr com>
Sent: Saturday, July 20, 2002 2:27 PM
Subject: [Full-disclosure] Re: Outlook Express Attachment Property Spoofing
Vulnerabilities

Dude, they are all two years old:

http://www.securityfocus.com/bid/2260
http://www.securityfocus.com/bid/3271

Current thread:

Outlook Express Attachment Property Spoofing Vulnerabilities Matthew Murphy (Jul 19)
- Outlook Express Attachment Property Spoofing Vulnerabilities Thor Larholm (Jul 20)
- <Possible follow-ups>
- Re: Outlook Express Attachment Property Spoofing Vulnerabilities Jack (Jul 20)
  - Re: Outlook Express Attachment Property Spoofing Vulnerabilities Roland Postle (Jul 20)
- Re: Outlook Express Attachment Property Spoofing Vulnerabilities Matthew Murphy (Jul 20)
- Re: Outlook Express Attachment Property Spoofing Vulnerabilities Jack (Jul 20)