* Scott <[EMAIL PROTECTED]> writes:

> Be careful how you view your JPG and GIF files (from now on)...
[...]
> Any idea if The Bat would be vulnerable to this??

Take this (non-existent) URL: http://www.example.com/pics/me.jpg

If you visit such a site you'd expect your browser to display the
file "me.jpg". But ...

a) what if "me.jpg" isn't a file but a directory? Your browser will
   open something like "www.example.com/pics/me.jpg/index.html"

b) what if a file (or directory) "me.jpg" doesn't exist? You'll be
   redirected to a 404 error page.

Both the "me.jpg/index.html" and the error page *could* contain
malicious code.

Thus it appears that The Bat! is not vulnerable to this
scenario because it doesn't confuse being a mailreader with being
a web browser ... like others do.

Carsten
-- 


________________________________________________
Current version is 2.02.3 CE | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
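
An added example, not part of the message above and not The Bat!'s code: a check a client could run before treating the reply for a URL ending in ".jpg" as a picture, covering cases a) and b) from the message plus one case beyond it (an HTML body served with an image type). The function names and the sample responses are constructed for illustration; nothing is fetched from the network.

```python
# Added example (not from the original message). Responses below are constructed.
from urllib.parse import urlsplit

# Leading "magic" bytes of the image formats named in the thread.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def sniff_image(body: bytes):
    """Return the image MIME type implied by the body's magic bytes, or None."""
    for mime, prefixes in MAGIC.items():
        if body.startswith(prefixes):
            return mime
    return None

def check_response(requested_url, final_url, status, content_type, body):
    """Return (ok, reason): ok is True only if the reply really is an image."""
    if status != 200:
        return False, f"status {status}: body is an error page, not the file"
    if urlsplit(final_url).path != urlsplit(requested_url).path:
        return False, f"redirected to {urlsplit(final_url).path}"
    declared = content_type.split(";")[0].strip().lower()
    if declared not in MAGIC:
        return False, f"declared type {declared!r} is not an image"
    if sniff_image(body) != declared:
        return False, "body bytes do not match the declared image type"
    return True, declared

URL = "http://www.example.com/pics/me.jpg"
HTML = b"<html><body>not a picture</body></html>"
SAMPLES = {  # constructed responses for the cases in the message
    "real file": (URL, URL, 200, "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    "a) directory": (URL, URL + "/index.html", 200, "text/html", HTML),
    "b) missing": (URL, URL, 404, "text/html; charset=utf-8", HTML),
    "mislabelled": (URL, URL, 200, "image/jpeg", HTML),
}

def run_samples():
    """Run the check over every constructed sample and return the verdicts."""
    return {name: check_response(*args) for name, args in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{name:14} ok={ok} {reason}")
```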
