Georgi Guninski wrote:
>
> Georgi Guninski security advisory #9, 2000
>
> IE and Outlook 5.x allow executing arbitrary programs using .eml files
>
> Disclaimer:
> The opinions expressed in this advisory and program are my own and not
> of any company.
> The usual standard disclaimer applies, especially the fact that Georgi
> Guninski is not liable for any damages caused by direct or indirect use
> of the information or functionality provided by this program.
> Georgi Guninski, bears NO responsibility for content or misuse of this
> program or any derivatives thereof.
>
> Description:
> There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
> others) which allows executing arbitrary programs using .eml files.
> This may be exploited when browsing web pages or openining an email
> message in Outlook.
> This may lead to taking control over user's computer.
> It is also possible to read and send local files.
>
> Details:
> The problem is creating files in the TEMP directory with known name and
> arbitrary content.
> One may place a .chm file in the TEMP directory which contains the
> "shortcut" command and when the .chm file is opened with the showHelp()
> method programs may be executed.
> This vulnerability may be exploited by HTML email message in Outlook.
[..cut..]
> Demonstration which starts Wordpad:
> http://www.nat.bg/~joro/eml.html
>
> Workaround: Disable Active Scripting.
This doesn't work for my Win2000 with IE5.0. It only prompts me for saving
*.chm file, without running. I can accept this and run, but this exclude
working background.
--
pozdrawiam..
## ## | Sylwester Zarębski - ISP Group |
#### ## | e-mail: [EMAIL PROTECTED] |
## ## ## | ICQ uin: #45780888 |
## #### ## | Administrator ISP.NET.PL |
