[24730] in bugtraq
RE: MSIE vulnerability exploitable with IncrediMail
daemon@ATHENA.MIT.EDU (RT)
Mon Mar 18 22:34:18 2002
Date: Sat, 16 Mar 2002 00:58:52 +0000 (GMT)
From: RT <roelof@sensepost.com>
To: Thor Larholm <Thor@jubii.dk>
Cc: "'Eric Detoisien'" <eric.detoisien@global-secure.fr>,
<bugtraq@securityfocus.com>
In-Reply-To: <52D05AEFB0D95C4BAD179A054A54CDEB1BD1F6@mailsrv1.jubii.dk>
Message-ID: <20020316005222.U30061-100000@redknuckle.sensepost.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Immm...
Eudora Mail .. automatically saves attachments in <drive>:\program
files\qualcomm\eudora\attachments .. right?
The (very old) version (4.1) that I have sure does that. And even if you delete
the email itself (after opening), or right-click on the file and select delete -
the file stays.
So, you just need to get the file in there and have the user visit a corrupted
web .. and hey.. presto!
Just my 2c on this,
Roelof.
On Fri, 15 Mar 2002, Thor Larholm wrote:
+Isn't {42D00B20-479C-11d4-9706-00105A40931C} a GUID for your user account,
+and as such unknown from time to time, making the proposed exploit
+unfeasible?
+
+
+Regards
+Thor Larholm
+Jubii A/S - Internet Programmer
+
+
------------------------------------------------------
Roelof W Temmingh SensePost IT security
roelof@sensepost.com +27 83 448 6996
http://www.sensepost.com http://www.hackrack.com