On Wed, Jan 12, 2005 at 12:37:42PM -0800, Steven Rakick wrote: > This would mean that if an image exploiting the > recently announced Microsoft LoadImage API overflow > were imbedded into HTML email there would be zero > defense from the network layer as it would be > completely invisible.
Yes. I am planning to test, what that means to all those content filtering proxies. I have found one product that claims to be able to block "MIME content in HTML", I think they are referring to RfC2397 with that. > > Why am I not seeing more about this in the press? It > seems pretty threatening to me... Internet Explorer does not Implement RfC2397. That means it is interesting for a far smaller audience. ;-) Nils -- Nils Ketelsen // Mississauga, Canada 43� 35' 13"N, 79� 38' 23"W mailto:`#!/bin/[EMAIL PROTECTED] http://druecke.strg-alt-entf.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
