[32118] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IE remote code execution

daemon@ATHENA.MIT.EDU (Jouko Pynnonen)
Mon Oct 20 16:42:35 2003

Date: Mon, 20 Oct 2003 21:53:09 +0300
From: Jouko Pynnonen <jouko@iki.fi>
To: bugtraq@securityfocus.com
Message-ID: <20031020185308.GB4156@jouko.iki.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <Pine.LNX.4.44.0310190012380.170-100000@osiris>


On Sun, Oct 19, 2003 at 12:15:39AM +0200, Marcin Ulikowski wrote:

> Header("Content-Disposition: inline; filename=readme.txt%00code.exe");


This is not new, I reported this in 2001:

http://msgs.securepoint.com/cgi-bin/get/bugtraq0201/132.html



-- 
Jouko Pynnönen          http://iki.fi/jouko/
jouko@iki.fi

home	help	back	first	fref	pref	prev	next	nref	lref	last	post