[<prev] [next>] [day] [month] [year] [list]
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: How often are IE security holes exploited?
Nick, wasn't that Braid? (The damn viruses all seem to run together
now, there's so many of them.)
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
> -----Original Message-----
> From: Nick FitzGerald [mailto:nick@...us-l.demon.co.uk]
> Sent: Friday, December 13, 2002 2:15 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] How often are IE security
> holes exploited?
>
> I forget exactly which offhand (perhaps the first Yaha or
> something just before it?) took advantage of the CR-only (or
> LF-only??) line break issue, in which many Unix mail servers
> will incorrectly pass what should be CRLF line-terminations
> and are otherwise invalid characters in standard SMTP
> traffic. Several content filter and AV Email scanner parsers
> "mis-handled" these messages, missing the attachments
> entirely (why these products were not written from the
> beginning to "fail closed" has still not been satisfactorily
> answered) and passing the bad messages on. Of course,
> Outlook and/or OE "happily" saw the messages as intended and
> they would detach and run the atatchments (and of course the
> users, feeling "safe" because they knew their Email was
> scanned for bad things, happily double-clicked away...).
Powered by blists - more mailing lists