On Thu, Nov 20, 2003, Terry Lambert wrote:
>Gregory Sutter wrote:
>>   Content-Type: text/plain; charset=iso-8859-1
>>   Content-Disposition: inline
>> These headers show that the part is not an attachment but should be
>> displayed inline, and that it contains pure text that doesn't need a
>> special handler to be displayed.  Why Outlook Express fails to
>> recognize this, and why Microsoft fails to issue a patch to fix the
>> problem, is unknown.
>Most mail worm implmentations uses an inline disposition to force
>the activation of an exploitable helper program to interpret content
>when the message is opened.
>Yes, they should recognize that text/plain is not an exploitable
>type unless there is a registered external "helper" for that type
>that overrides internal rendering as plain text (e.g. "Word"),
>even though text/html is, bt at least they are attempting to prevent
>exploits these days.

I'm not sure that text/plain isn't exploitable in OutLook.  I
seem to remeber something about Outlook interpreting a line
starting with ``BEGIN  '' (two spaces after BEGIN) as the start
of a program to be executed.  I don't use any of the Microsoft
virii so, and if I did, I would never use the worm vector,
Outlook, so can't confirm this.

INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

When only cops have guns, it's called a ``police state''.
        -- Claire Wolfe, "101 Things To Do Until The Revolution"
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to