From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: How often are IE security holes exploited?

Nick, wasn't that Braid? (The damn viruses all seem to run together now,
there's so many of them.)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

> -----Original Message-----
> From: Nick FitzGerald [mailto:nick@...us-l.demon.co.uk]
> Sent: Friday, December 13, 2002 2:15 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] How often are IE security
> holes exploited?
>
> I forget exactly which offhand (perhaps the first Yaha or
> something just before it?) took advantage of the CR-only (or
> LF-only??) line break issue, in which many Unix mail servers
> will incorrectly pass what should be CRLF line-terminations
> and are otherwise invalid characters in standard SMTP
> traffic. Several content filter and AV Email scanner parsers
> "mis-handled" these messages, missing the attachments
> entirely (why these products were not written from the
> beginning to "fail closed" has still not been satisfactorily
> answered) and passing the bad messages on. Of course,
> Outlook and/or OE "happily" saw the messages as intended and
> they would detach and run the attachments (and of course the
> users, feeling "safe" because they knew their Email was
> scanned for bad things, happily double-clicked away...).
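
The "fail closed" behaviour asked for in the quoted message, sketched as an added example that is not part of the original thread or of any product mentioned in it. The function names, the verdict strings and the extension list are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_bytes
from email.policy import default

# A CR not followed by LF, or an LF not preceded by CR (invalid on the SMTP wire).
BARE_EOL = re.compile(rb"\r(?!\n)|(?<!\r)\n")
BLOCKED_EXT = (".exe", ".scr", ".pif", ".bat")  # assumed policy list


def gateway_verdict(raw: bytes) -> str:
    """Return 'quarantine', 'reject' or 'deliver' for a raw message."""
    # Fail closed: if the line endings are not canonical, the scanner and the
    # mail client may split the message differently, so nothing is trusted.
    if BARE_EOL.search(raw):
        return "quarantine"
    msg = message_from_bytes(raw, policy=default)
    for part in msg.walk():  # walk() yields the top-level message too
        # Anything the parser had to guess about is also not trusted.
        if part.defects:
            return "quarantine"
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            return "reject"
    return "deliver"


def sample_message(filename: str) -> bytes:
    """Constructed, well-formed CRLF multipart message with one attachment."""
    lines = [
        "From: a@example.org", "To: b@example.org",
        "Subject: constructed sample", "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUND"', "",
        "--BOUND", "Content-Type: text/plain", "", "hello",
        "--BOUND", "Content-Type: application/octet-stream",
        f'Content-Disposition: attachment; filename="{filename}"',
        "Content-Transfer-Encoding: base64", "", "AAAA",
        "--BOUND--", "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    good = sample_message("run.exe")
    print(gateway_verdict(sample_message("note.txt")))     # canonical, benign
    print(gateway_verdict(good))                           # canonical, blocked type
    print(gateway_verdict(good.replace(b"\r\n", b"\r")))   # CR-only line breaks
```

The point of the ordering is that the line-ending check runs before any MIME parsing, so a message the scanner might split differently from the client is never reported as clean.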