Re: (Security) Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

Fri, 30 Mar 2001 23:59:47 -0800 

Wow.
Matthew L. Wright
Java Internet Programmer
Jupiter One
Web World Studios West Coast
www.jupiterone.com
(818) 763-2927
----- Original Message -----
From: "Michael Dinowitz" <[EMAIL PROTECTED]>
To: "JRun-Talk" <[EMAIL PROTECTED]>
Sent: Friday, March 30, 2001 1:59 AM
Subject: (Security) Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment


> All mail sent to any House of Fusion mailing list has its headers
rewritten
> and HTML content removed. This means that you will not receive any emails
to
> the list that can take advantage of the below mentioned security hole. I'm
> posting this to the list so that all list members using MS IE 5.01 or 5.5
to
> read their mail can take proper precautions. Thank you and may you be
> secure.
>
> This vulnerability exists because Internet Explorer does not handle MIME
> (Multipurpose Internet Mail Extensions) headers in HTML e-mails correctly.
> If a malicious user sends an affected HTML e-mail or hosts an affected
> e-mail on a Web site, and a user opens the e-mail or visits the Web site,
> Internet Explorer automatically runs the executable on the user's
computer.
> If this occurs, the executable can take any action on the computer that
the
> user can take, including adding, changing, or deleting data, communicating
> with Web sites, or reformatting the hard drive. This update eliminates the
> vulnerability by correcting the way Internet Explorer handles MIME headers
> in HTML e-mails, preventing e-mails from automatically launching
executable
> attachments.
>
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
>
> Michael Dinowitz
> Publisher: Fusion Authority weekly news alert
> (www.fusionauthority.com/alert)
> Listmaster: CF-Talk, CF-Jobs, Spectra-Talk, Jrun-Talk, etc.
> (www.houseoffusion.com)
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to