[29261] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: .MHT Buffer Overflow in Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Tue Mar 11 14:46:23 2003

Message-Id: <200303111713.h2BHDL521300@web182.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 11 Mar 2003 17:13:21 -0000
From: "http-equiv@excite.com" <http-equiv@malware.com>
Reply-To: http-equiv@malware.com

<!-- 
The following sample format contains malformed MIME header along with 
the Base64 encoded executable.

---------------------------------------------- 
MIME-Version: 1.0 
------=_NextPart_000_0000_01C2E1F4.0D559EA0 
Content-Location:file:///tomatell.exe 
Content-Transfer-Encoding: base64 

TVpQ 
---------------------------------------------- 

 -->

Excellent!

Yes, there has always been something suspicious about that spot. 
Simply writing the word [header] GIF89a in the same spot will create 
an empty image container:

------phuquedup.mhtml-----

MIME-Version: 1.0 
Content-Transfer-Encoding: 7bit 

GIF89a

------phuquedup.mhtml-----

End Call

-- 
http://www.malware.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29261] in bugtraq

Re: .MHT Buffer Overflow in Internet Explorer

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)Tue Mar 11 14:46:23 2003

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Tue Mar 11 14:46:23 2003