From: jack at malware.com (Jack)
Subject: Re: Outlook Express Attachment Property Spoofing Vulnerabilities

It's in the archives. They can't be bothered. More important and 
serious concerns to attend to.

As far as they are concerned, as long as there is "a warning" 
dialogue, it is up to the user to accept or not accept. They as the 
vendor have done there job as long as there is warning.  Thereafter, 
tough luck to you if you get snagged.

Strange philosophy.

----- Original Message ----- 
From: Roland Postle 
To: full-disclosure@...ts.netsys.com 
Sent: Saturday, July 20, 2002 11:06 AM
Subject: Re: [Full-Disclosure] Re: Outlook Express Attachment 
Property Spoofing Vulnerabilities


So why hasn't MS fixed them then? Will it take a big email virus, and 
more
mass hysteria, before they do?

Personally I get sent a lot of virus and rely on knowing the 
extension. They
frequently use the spaces before extension vulnerability (so I'll get
somthing like 'hello.mp3     .scr') but I always notice these before 
opening
them anyway. However, combined with the other vulnerabilities you 
mention I
could probably be tricked into opening a virus. God help the clueless
people.

- Blazde

----- Original Message -----
From: "Jack" <jack@...ware.com>
To: <news@...uriteam.com>; <bugtraq@...urityfocus.com>;
<full-disclosure@...ts.netsys.com>
Cc: <mattmurphy@...rr.com>
Sent: Saturday, July 20, 2002 2:27 PM
Subject: [Full-Disclosure] Re: Outlook Express Attachment Property 
Spoofing
Vulnerabilities


> Dude, they are all two years old:
>
> http://www.securityfocus.com/bid/2260
> http://www.securityfocus.com/bid/3271
>


_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure@...ts.netsys.com
http://lists.netsys.com/mailman/listinfo/full-disclosure

Powered by blists - more mailing lists