[14334] in bugtraq
Re: IE and Outlook 5.x allow executing arbitrary programs
daemon@ATHENA.MIT.EDU (Georgi Guninski)
Mon Mar 20 03:35:59 2000
Message-Id: <38D24892.B9DCBA2D@nat.bg>
Date: Fri, 17 Mar 2000 17:00:34 +0200
Reply-To: Georgi Guninski <joro@NAT.BG>
From: Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@SECURITYFOCUS.COM

David LeBlanc wrote:
>
> There's a couple of things that aren't clear here -
>
> >IE and Outlook 5.x allow executing arbitrary programs using .eml files
>
> >Description:
> >There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
> >others) which allows executing arbitrary programs using .eml files.
>
> Would this happen to apply to other web browsers, e.g., Netscape?
>
Netscape Communicator is not affected; I don't know about other browsers.

> >Details:
> >The problem is creating files in the TEMP directory with known name and
> >arbitrary content.
>
> How does the file get there? Do all .eml files create temp files? I
> assume another work-around would be to have a user-specific temp directory,
> such as Windows 2000 uses.
>
The file is created by IE or some of its components. AFAIK not all .eml
files create temp files.
A user-specific temp directory is better than the default one.
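
An added example, not part of the original post and not code from IE or Outlook: it contrasts the pattern named in the thread (a temp file with a known name in a shared directory) with a private directory, a random name and exclusive creation. The file name `attachment.dat`, the directory prefixes and all function names are constructed for illustration.

```python
import os
import secrets
import tempfile

def save_known_name(shared_tmp, name, content):
    """Weak pattern: fixed file name inside a shared temp directory."""
    path = os.path.join(shared_tmp, name)
    with open(path, "wb") as fh:          # reuses or overwrites whatever is already there
        fh.write(content)
    return path

def exclusive_create(path, content):
    """Create the file only if nothing exists at that path yet."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)  # POSIX only: do not follow a symlink
    flags |= getattr(os, "O_BINARY", 0)    # Windows only: no newline translation
    fd = os.open(path, flags, 0o600)       # raises FileExistsError on a collision
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path

def save_private(content, suffix=".tmp", base=None):
    """Hardened pattern: owner-only directory plus an unguessable file name."""
    private_dir = tempfile.mkdtemp(prefix="mailtmp-", dir=base)  # created with mode 0700
    name = secrets.token_hex(16) + suffix                        # 128 random bits
    return exclusive_create(os.path.join(private_dir, name), content)

def demo():
    shared = tempfile.mkdtemp(prefix="shared-tmp-")  # stands in for the default TEMP
    weak1 = save_known_name(shared, "attachment.dat", b"first")
    weak2 = save_known_name(shared, "attachment.dat", b"second")
    safe1 = save_private(b"first", base=shared)
    safe2 = save_private(b"second", base=shared)
    try:
        exclusive_create(weak1, b"third")            # path is already occupied
        refused = False
    except FileExistsError:
        refused = True
    return {
        "weak_same_path": weak1 == weak2,            # location is known in advance
        "safe_same_path": safe1 == safe2,            # location changes on every call
        "safe_dir_mode": oct(os.stat(os.path.dirname(safe1)).st_mode & 0o777),
        "exclusive_refused": refused,
    }

if __name__ == "__main__":
    print(demo())
```

The directory mode check is meaningful on POSIX systems; on Windows the equivalent protection comes from the ACL on the per-user temp directory.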