>Outlook 'CR' Vulnerability
"It is possible to send attachments to Outlook Express users using non-standard attachment techniques. This can be accomplished by encapsulating the data in Carriage Return (<CR>) specifiers in the Subject line of an email. Upon receiving an email with a subject line containing carriage returns, Outlook Express will interpret the data section of the mail beginning in the subject line.
This does describe the Outlook 'CR' Vulnerability.
Declude (please correct if wrong) will detect this when a <CR> is not followed by a <LF> in the headers or MIME headers of an email. In a recent email example we saw <CR><CR><LF> in the MIME headers that rightly failed the test.
That is correct.
And the main reason for detecting this isn't to stop viruses before they are detected (as is the case with some vulnerabilities, such as the "Outlook 'MIME Headers' Vulnerability"), but it is to stop viruses that can't be stopped otherwise (Declude Virus, like all other mailserver virus scanners, will not even see the attachment referred to above, so it can't be scanned).
For a bit more information on these new vulnerabilities, you can go to http://www.av-test.org and click on the "Malformed E-mail Project - Part 2" link on the right side of the page. It doesn't have many details, but the paper should help show the severity of the issue.
-Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
