[19952] in bugtraq
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
daemon@ATHENA.MIT.EDU (Juan Carlos Garcia Cuartango)
Fri Mar 30 10:21:23 2001
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001B_01C0B908.88A62280"
Message-ID: <001e01c0b8f7$c5d61b30$09001aac@LaHabana>
Date: Fri, 30 Mar 2001 10:59:46 +0200
Reply-To: Juan Carlos Garcia Cuartango <cuartango@TERRA.ES>
From: Juan Carlos Garcia Cuartango <cuartango@TERRA.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C0B908.88A62280
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi,
Microsoft has released a security bulletin =
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled =
"Incorrect MIME Header Can Cause IE to Execute E-mail Attachment".
EML files are MIME multipart files that IE 5 will parse. There is a =
vulnerability allowing arbitrary code execution using this kind of =
files. This vulnerabiliy could allow an hostile page or e-mail to =
perform any action on your computer. The vulnerability affects IE 5, IE =
5.5 over all windows platforms.
I have prepared some demos about the vulnerability in =
www.kriptopolis.com (major spanish security site) :
http://www.kriptopolis.com/cua/eml.html
Note : It you want to have a look to the hostile EML files you must =
click the right mouse button over the pictures and select the "Save =
Target As" menu option.
Regards,
Juan Carlos G. Cuartango
------=_NextPart_000_001B_01C0B908.88A62280
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Microsoft has released a security =
bulletin=20
</FONT><FONT face=3DArial><A=20
href=3D"http://www.microsoft.com/technet/security/bulletin/ms01-020.asp">=
<FONT=20
size=3D2>http://www.microsoft.com/technet/security/bulletin/ms01-020.asp<=
/FONT></A><FONT=20
size=3D2> entitled "</FONT><FONT size=3D2>Incorrect MIME Header Can =
Cause IE to=20
Execute E-mail Attachment".</FONT></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>EML files are MIME multipart files that =
IE 5 will=20
parse. There is a vulnerability allowing arbitrary code execution using =
this=20
kind of files. This vulnerabiliy could allow an hostile page or e-mail =
to=20
perform any action on your computer. The vulnerability affects IE 5, IE =
5.5 over=20
all windows platforms.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I have prepared some demos about the =
vulnerability=20
in <A =
href=3D"http://www.kriptopolis.com">www.kriptopolis.com</A> (major=20
spanish security site) :</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.kriptopolis.com/cua/eml.html">http://www.kriptopolis.c=
om/cua/eml.html</A></FONT><FONT=20
face=3DArial size=3D2></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Note : It you want to have a look to=20
the hostile EML files you must click the right mouse button over =
the=20
pictures and select the "Save Target As" menu option.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Regards,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Juan Carlos G. Cuartango</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV></BODY></HTML>
------=_NextPart_000_001B_01C0B908.88A62280--
