[7477] in bugtraq
Re: Microsoft Security Bulletin (MS98-008)
daemon@ATHENA.MIT.EDU (Brett Glass)
Wed Jul 29 21:43:24 1998
Date: Wed, 29 Jul 1998 12:09:35 -0600
Reply-To: Brett Glass <brett@LARIAT.ORG>
From: Brett Glass <brett@LARIAT.ORG>
X-To: David Kozinn <david@MONY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807291348.JAA12493@a99201.mony.com>
At 09:48 AM 7/29/98 -0400, David Kozinn wrote:
>However, the wording there says "... Eudora does not allow any unauthorized
>programs to be automatically executed on a user's system...", which seems
>to me that problem with merely receiving long filenames isn't a problem (as
>it is with the other products), but that a problem doesn't necessarily
>_not_ exist when you try to explicitly run the (bogus) attachment, as
>you've seen.
Actually, I'm not trying to "run" the bogus attachment -- just to view it.
And the GP fault I experienced was suspicious. When program memory or
the stack is overwritten with arbitrary characters, it frequently causes
a GPF.
--Brett
