On Thu, Nov 20, 2003, Terry Lambert wrote: >Gregory Sutter wrote: >> Content-Type: text/plain; charset=iso-8859-1 >> Content-Disposition: inline >> >> These headers show that the part is not an attachment but should be >> displayed inline, and that it contains pure text that doesn't need a >> special handler to be displayed. Why Outlook Express fails to >> recognize this, and why Microsoft fails to issue a patch to fix the >> problem, is unknown. > >Most mail worm implmentations uses an inline disposition to force >the activation of an exploitable helper program to interpret content >when the message is opened. > >Yes, they should recognize that text/plain is not an exploitable >type unless there is a registered external "helper" for that type >that overrides internal rendering as plain text (e.g. "Word"), >even though text/html is, bt at least they are attempting to prevent >exploits these days.
I'm not sure that text/plain isn't exploitable in OutLook. I seem to remeber something about Outlook interpreting a line starting with ``BEGIN '' (two spaces after BEGIN) as the start of a program to be executed. I don't use any of the Microsoft virii so, and if I did, I would never use the worm vector, Outlook, so can't confirm this. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ When only cops have guns, it's called a ``police state''. -- Claire Wolfe, "101 Things To Do Until The Revolution" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
