On Tue, 15 Jul 2003 08:02:56 EDT, "Richard M. Smith" <[EMAIL PROTECTED]> said: > Ah yes, the Good Time virus. What a silly idea that a virus can execute > simply by reading an email message. Everyone knows that's > impossible........
Actually, that's *STILL* impossible. As far as I am aware of, every single "attack when you open the message" virus/worm is dependent on the fact that certain mail programs confuse the concept of "reading the message text" and "executing/interpreting code provided by an attacker". (OK - there's a mostly theoretical attack overflowing a buffer or something in a 'more/less' type program, and admittedly there's some borderline cases like the MIME header overflow documented in CERT CA-1998-10). Hint - think about why you need different security zones to defend you against plain non-active text. Those zones are only there because there's *ACTIVE* content involved.
pgp00000.pgp
Description: PGP signature
