It seems that the problem is with 'bad' mime types. I guess if you had a
webpage being generated dynamically and it changed the mime type into the
'dangerous' one, then the code on the page will be execute by the visiting
browser.I may hit some of the underground sites to get a clear picture on
this.
> From the KB article:
>
> <An attacker could use this vulnerability in either of two scenarios. She
> could host an affected HTML e-mail on a web site and try to persuade
another
> user to visit it, at which point script on a web page could open the mail
> and initiate the executable. Alternatively, she could send the HTML mail
> directly to the user. In either case, the executable attachment, if it
ran,
> would be limited only by user's permissions on the system.>
>
> ??? What is meant by "host an affected HTML e-mail on a web site and try
to
> persuade another user to visit it"? How do you host an email on a web
site?
> Can't quite get my mind around that one.
>
> How about this:
>
> <Tested Versions:
> Microsoft tested IE 5.01 and IE 5.5 to assess whether they are affected by
> this vulnerability. Previous versions are no longer supported and may or
may
> not be affected by this vulnerability.>
>
> I love the little bit below. I'm sure someone will find the time to test
it
> for them.
>
> Jim
>
>
>
> ----- Original Message -----
>
> From: "Michael Dinowitz" <[EMAIL PROTECTED]>
> To: "CF-Server" <[EMAIL PROTECTED]>
> Sent: Friday, March 30, 2001 2:59 AM
> Subject: (Security) Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment
>
>
> > All mail sent to any House of Fusion mailing list has its headers
> rewritten
> > and HTML content removed. This means that you will not receive any
emails
> to
> > the list that can take advantage of the below mentioned security hole.
I'm
> > posting this to the list so that all list members using MS IE 5.01 or
5.5
> to
> > read their mail can take proper precautions. Thank you and may you be
> > secure.
> >
> > This vulnerability exists because Internet Explorer does not handle MIME
> > (Multipurpose Internet Mail Extensions) headers in HTML e-mails
correctly.
> > If a malicious user sends an affected HTML e-mail or hosts an affected
> > e-mail on a Web site, and a user opens the e-mail or visits the Web
site,
> > Internet Explorer automatically runs the executable on the user's
> computer.
> > If this occurs, the executable can take any action on the computer that
> the
> > user can take, including adding, changing, or deleting data,
communicating
> > with Web sites, or reformatting the hard drive. This update eliminates
the
> > vulnerability by correcting the way Internet Explorer handles MIME
headers
> > in HTML e-mails, preventing e-mails from automatically launching
> executable
> > attachments.
> >
> > http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
> >
> > Michael Dinowitz
> > Publisher: Fusion Authority weekly news alert
> > (www.fusionauthority.com/alert)
> > Listmaster: CF-Talk, CF-Jobs, Spectra-Talk, Jrun-Talk, etc.
> > (www.houseoffusion.com)
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
