On Thu, Nov 20, 2003, Terry Lambert wrote:
>Gregory Sutter wrote:
>> Content-Type: text/plain; charset=iso-8859-1
>> Content-Disposition: inline
>> These headers show that the part is not an attachment but should be
>> displayed inline, and that it contains pure text that doesn't need a
>> special handler to be displayed. Why Outlook Express fails to
>> recognize this, and why Microsoft fails to issue a patch to fix the
>> problem, is unknown.
>Most mail worm implmentations uses an inline disposition to force
>the activation of an exploitable helper program to interpret content
>when the message is opened.
>Yes, they should recognize that text/plain is not an exploitable
>type unless there is a registered external "helper" for that type
>that overrides internal rendering as plain text (e.g. "Word"),
>even though text/html is, bt at least they are attempting to prevent
>exploits these days.
I'm not sure that text/plain isn't exploitable in OutLook. I
seem to remeber something about Outlook interpreting a line
starting with ``BEGIN '' (two spaces after BEGIN) as the start
of a program to be executed. I don't use any of the Microsoft
virii so, and if I did, I would never use the worm vector,
Outlook, so can't confirm this.
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
When only cops have guns, it's called a ``police state''.
-- Claire Wolfe, "101 Things To Do Until The Revolution"
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"