On Fri, 7 Aug 1998, Stout, Bill wrote:

> > Problem is the way Eudora 4x interacts with MSIE 4x and javascript.
>
> Please detail that on the list, since many of us can't enter NYT. Maybe
> Aleph One can also expand on that. I would expect that any program with
> integrated Internet capability would have similar security problems.

Note: I had no access to the exploit for this vulnerability so I have no clue if this is really how it works. It's also been over a month since I looked at the IE HTML control and my memory is not the best. I do not consider myself a Windows programmer. Finally, I don't have the time to test these conjectures. Adam Shostack was the person that made me aware of the potential problems of using the MS HTML component.

As far as I can tell the problem is that Eudora fails to turn off JavaScript/Java when displaying HTML messages with the IE HTML component. As you may or may not know, IE is little more than a wrapper around the MS HTML rendering component. Many other vendors, including Qualcomm, find it easy to reuse this component to display HTML instead of having to write their own HTML rendering engine or to license one from a third party. The HTML component has many options, including whether to turn on or off things like Java/JavaScript.

In essence the exploit sends an HTML email message to the user with an executable attached to it. The message has a link in it that executes some JavaScript (I am assuming onClick, I don't know why they would not use onLoad instead and do away with having to click on anything) which in turn executes the attached file. There are no security checks performed as this is a local file and is trusted.

It should be noted that any products using the HTML component may also fail to turn off things like Java and JavaScript and may be vulnerable to similar attacks.

Aleph One / aleph1at_private
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
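The combination described in the message above (an HTML body that carries script, delivered together with an executable attachment) can be flagged at a mail gateway before any HTML control renders it. The following is an added example, not part of the original post; the sample message, the extension list and the names `assess` and `ActiveContentFinder` are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
# Constructed sample: HTML body with a scripted link plus an executable attachment.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><a href="#" onClick="void(0)">Click here</a></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"

placeholder-bytes
--b1--
"""

# Assumed list of extensions treated as executable; adjust to local policy.
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|pif|scr|vbs|js|lnk)$", re.I)

class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # constructs that would run code in a script-enabled control
    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so onClick matches "on".
        if tag in ("script", "applet", "object", "embed"):
            self.hits.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onload, ...
                self.hits.append(f"{tag}@{name}")
            elif value and value.strip().lower().startswith("javascript:"):
                self.hits.append(f"{tag}@{name}=javascript:")

def assess(raw):
    """Return (active_html_hits, executable_attachments, flagged)."""
    msg = message_from_string(raw)
    hits, execs = [], []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and EXEC_EXT.search(fname):
            execs.append(fname)
        elif part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_payload(decode=True).decode("latin-1"))
            hits += finder.hits
    return hits, execs, bool(hits and execs)
```

A message is flagged only when both conditions hold, which keeps ordinary HTML mail and ordinary attachments from tripping the check on their own.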