[14325] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IE and Outlook 5.x allow executing arbitrary programs using

daemon@ATHENA.MIT.EDU (Ryan Russell)
Fri Mar 17 03:49:46 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.GSO.4.10.10003150915400.4786-100000@www.securityfocus.com>
Date:         Wed, 15 Mar 2000 09:24:52 -0800
Reply-To: Ryan Russell <ryan@SECURITYFOCUS.COM>
From: Ryan Russell <ryan@SECURITYFOCUS.COM>
X-To:         Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <38CE4636.56B37C06@nat.bg>

On Tue, 14 Mar 2000, Georgi Guninski wrote:

> Georgi Guninski security advisory #9, 2000
>
> IE and Outlook 5.x allow executing arbitrary programs using .eml files
>

Works fine on NT4 Server, SP5, IE 5.00.2919.6307, but it prompts whether I
want to save it or run it.  If I run it, wordpad is launched.  This is
from the web page demo.

					Ryan


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14325] in bugtraq

Re: IE and Outlook 5.x allow executing arbitrary programs using

daemon@ATHENA.MIT.EDU (Ryan Russell)Fri Mar 17 03:49:46 2000

daemon@ATHENA.MIT.EDU (Ryan Russell)
Fri Mar 17 03:49:46 2000