> >Of course the problem with this is, in my brief scanning of the RFCs >it looks like the whole name attribute has been replaced by the >filename attribute and is only there for legacy support. Legacy >support becomes difficult to claim is a security threat as even if it >can be exploited, chances are the malicious action won't work anyway >on whatever platform/program would be exploitable.
Good analysis. What we need is a PC mail program which can exploit this, then? ;-) What if the "filename" is damaged, i.e. sufficently long, can that cause the receiver program to use the name file, which could contain an application, kind of like the overflow exploits? Seems like a stretch... Mark James garlic @ veggy.com From: Dan Kalikow Reminds me of what one e-wag recently quipped -- that even VIRUS-writers don't support the Mac... ___________________________________________________________________________ To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
