David LeBlanc wrote:
>
> There's a couple of things that aren't clear here -
>
> >IE and Outlook 5.x allow executing arbitrary programs using .eml files
>
> >Description:
> >There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably
> >others) which allows executing arbitrary programs using .eml files.
>
> Would this happen to apply to other web browsers, e.g., Netscape?
>
Netscape Communicator is not affected; I don't know about other browsers.

> >Details:
> >The problem is creating files in the TEMP directory with known name and
> >arbitrary content.
>
> How does the file get there? Do all .eml files create temp files? I
> assume another work-around would be to have a user-specific temp directory,
> such as Windows 2000 uses.
>
The file is created by IE or some of its components. AFAIK not all .eml
files create temp files.
A user-specific temp directory is better than the default one.