[ISN] Long-filename email exploit reply

From: mea culpa (jerichoat_private)
Date: Tue Aug 04 1998 - 00:55:49 PDT

  • Next message: mea culpa: "[ISN] Teen hackers plead guilty to Pentagon attacks"

    Reply From: Rob Rosenberger <usat_private>
    NTBUGTRAQ moderator Russ Cooper received international media attention when
    he wrote about a "new" email exploit. In theory, someone can run malicious
    code on your computer by crafting an extremely long filename for an email
    attachment. The attachment doesn't need to execute -- the filename itself
    executes when Outlook tries to parse the filename.
    This exploit may sound bizarre to the average reporter... but I yawned when
    I heard about it. You see, this latest security flaw is just a derivative of
    the 'letter bomb' exploit (1996) and the 'res://' exploit (1997).  Most news
    outlets ignored the older flaws -- because they came out too soon after the
    Hare virus media fiasco.
    Read http://www.kumite.com/myths/opinion/thoughts for more...
    Rob Rosenberger, webmaster
    Computer Virus Myths home page
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:10 PDT