[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..

To: "Schmehl, Paul L" <pauls@utdallas.edu>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
From: "Dowling, Gabrielle" <dowlingg@sullcrom.com>
Date: Thu, 21 Aug 2003 00:40:18 -0400

Paul.....

Are you sure that this is true?  I know there was an autoexecution
concern with MiMail, for general unzip, but was wrong to begin with with
respect to that but even the initial post found it was not a concern
with the XP unzipping functionality.  I have never seen the XP unzip
cause code to autoexecute.

The problem with Mimail was that if you chose to unzip it with PKUnzip
and and then open , and if you didn't have an Outlook Express patch in
place, the code within it would autoexcute because IE relies on OE to
render MHTMA code (and I'm probably wrong about the nomenclature of
that.....But in a nutshell, MS was not very good about describing that
the OE vuln affected IE users when they released the patch.


Regards,
Gaby
-----Original Message-----
From: Schmehl, Paul L [mailto:pauls@utdallas.edu] 
Sent: Wednesday, August 20, 2003 11:08 AM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus
Filter..


> -----Original Message-----
> From: Jeroen Massar [mailto:jeroen@unfix.org]
> Sent: Wednesday, August 20, 2003 8:14 AM
> To: 'Richard M. Smith'; full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] Administrivia: Testing 
> 
> Hint for the new generation of virusmakers: Zip thou virii ;)
>
Bzzzt.  Already done.  Yaha sends zipped copies of itself, neatly taking
advantage of the "feature" in Windows XP that "understands" what a zip
file is and automatically asks you if you'd like to extract the
contents, which it will then execute automatically.  (Another sign of
brain dead-ness in Redmond.)
 
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] windowsupdate
Next by Date: [Full-Disclosure] Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability
Prev by thread: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
Next by thread: [Full-Disclosure] MDKSA-2003:083 - Updated eroaster packages fix temporary file vulnerability
Index(es):
- Date
- Thread