lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: dowlingg at sullcrom.com (Dowling, Gabrielle)
Subject: Administrivia: Testing Emergency Virus Filter..

Paul.....

Are you sure that this is true?  I know there was an autoexecution
concern with MiMail, for general unzip, but was wrong to begin with with
respect to that but even the initial post found it was not a concern
with the XP unzipping functionality.  I have never seen the XP unzip
cause code to autoexecute.

The problem with Mimail was that if you chose to unzip it with PKUnzip
and and then open , and if you didn't have an Outlook Express patch in
place, the code within it would autoexcute because IE relies on OE to
render MHTMA code (and I'm probably wrong about the nomenclature of
that.....But in a nutshell, MS was not very good about describing that
the OE vuln affected IE users when they released the patch.


Regards,
Gaby
-----Original Message-----
From: Schmehl, Paul L [mailto:pauls@...allas.edu] 
Sent: Wednesday, August 20, 2003 11:08 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus
Filter..


> -----Original Message-----
> From: Jeroen Massar [mailto:jeroen@...ix.org]
> Sent: Wednesday, August 20, 2003 8:14 AM
> To: 'Richard M. Smith'; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Administrivia: Testing 
> 
> Hint for the new generation of virusmakers: Zip thou virii ;)
>
Bzzzt.  Already done.  Yaha sends zipped copies of itself, neatly taking
advantage of the "feature" in Windows XP that "understands" what a zip
file is and automatically asks you if you'd like to extract the
contents, which it will then execute automatically.  (Another sign of
brain dead-ness in Redmond.)
 
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ