lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 27 Jul 2003 22:13:28 +1200
From: Stephen Cope <mail@...sense.kimihia.org.nz>
To: bugtraq@...urityfocus.com
Subject: Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")


Denis Jedig wrote:
> Internet Explorer seems to take no offense on Content-Types either - 
> text/plain from a web server is happily rendered as HTML, if it contains 
> valid tags.

This has been its /modus operandi/ for over four years:
http://support.microsoft.com/default.aspx?scid=kb;en-us;239750

    Microsoft Knowledge Base Article - 239750
    "Text/Plain" Content-Type Header Field Is Ignored

    SYMPTOMS
    Internet Explorer may not use the "Text/Plain" Content-Type header
    field to properly open a text file on a Web site. For example, if a
    text file has an extension commonly associated with an executable
    binary file, Internet Explorer may try to run the text file instead
    of opening it as text.

    ...

    STATUS
    Microsoft has confirmed that this is a problem in the Microsoft
    products that are listed at the beginning of this article.

-- 
Stephen Cope - http://sdc.org.nz/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ