On Fri, 30 Mar 2001, Juan Carlos Garcia Cuartango wrote:

> Hi,
>
> Microsoft has released a security bulletin
> http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
> entitled "Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment". EML files are MIME multipart files that IE 5 will parse.
> There is a vulnerability allowing arbitrary code execution using this
> kind of file. This vulnerability could allow a hostile page or e-mail
> to perform any action on your computer. The vulnerability affects IE
> 5, IE 5.5 over all Windows platforms. I have prepared some demos about
> the vulnerability in www.kriptopolis.com (major Spanish security site):
> http://www.kriptopolis.com/cua/eml.html
>
> Note: If you want to have a look at the hostile EML files you must
> click the right mouse button over the pictures and select the
> "Save Target As" menu option.
>
> Regards,
> Juan Carlos G. Cuartango

Hi,

Firstly, following the link above, Cuartango has said "If you are using Windows Media Player 7 the demo will not work". This is incorrect: testing with IE 5.0 on Windows 2000 with Windows Media Player 7 (7.00.00.1956), the EML files download and launch automatically, causing the specified code to execute.

Secondly, the file extension .NWS (OE News File) will achieve the same result as a .EML file. So if you're filtering for these at your mail/proxy server you might want to block these also. Like the .EML files, these also execute upon 'selecting' in Windows Explorer because of the preview function.

ziss.
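The mail-gateway filtering suggested in the reply above, as an added example that is not part of the original thread: a Python check that lists MIME parts whose filename ends in .eml or .nws. The function names and the sample message are constructed for illustration, and the handling of upper case, path prefixes and trailing dots or spaces goes beyond what the thread discusses (it assumes Windows ignores trailing dots and spaces in filenames).

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions named in the thread (.NWS is the OE News File type).
BLOCKED_EXTENSIONS = {".eml", ".nws"}


def extension_of(filename: str) -> str:
    """Return the lower-cased extension the way Windows would resolve it."""
    base = re.split(r"[\\/]", filename)[-1]   # drop any path component
    base = base.rstrip(" .").lower()          # assumption: Windows ignores trailing dots/spaces
    _, dot, ext = base.rpartition(".")
    return "." + ext if dot else ""


def blocked_attachments(raw_message: bytes) -> list:
    """List filenames of MIME parts whose extension is in BLOCKED_EXTENSIONS."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():                   # walk() also descends into nested messages
        # get_filename() reads the Content-Disposition "filename" parameter,
        # falling back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name and extension_of(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message: two blocked attachments and one harmless one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for fname in ("Report.EML", "group.nws.", "photo.jpg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```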
