Advisory Title: Incredimail allows automatic overwriting of files on your hard disk
Release Date: 05/08/2001
Application: Incredimail
Platform: Windows NT4, Windows 2000, Windows 9x/me
Build: 1400185 .. possibly earlier builds as well
Severity: Malicious users can easily overwrite system files.
Author: Obscure^ [obscureat_private-p.com]
Vendor Status: Did not respond to my e-mails. Maybe not interested, or asleep (?) ...
Web: http://irc.m0ss.com/eos/main.pl?main=advisories/incredimail.html&menu=menu/advisories.html (maybe wrapped)
     http://www.incredimail.com

Background.

(extracted from http://www.incredimail.com/english/what.html)

IncrediMail is an advanced email program that offers you, the user, an unprecedented interactive experience. With IncrediMail you can tailor your emails according to your mood and personality. Visual effects will entertain your every sense. Go ahead. Express yourself like you never did before!

My comments: Incredimail really does look quite cool, with animations similar to the e-mail in Mission Impossible, plus it's free.

Problem.

Users can specify the filename of the skin, notifier, animation, etc. This is specified in a text file called Content.ini, which is found inside the compressed skin or animation. By appending the traditional dot dot (..) to the filename, a malicious user can easily overwrite any file on the same partition that Incredimail is installed on. The file is automatically downloaded and copied to the client machine when it accesses a site or e-mail which starts a download of the Incredimail file. If the file already exists, it tries to overwrite it. See the exploit example.

Exploit Example.

http://irc.m0ss.com/eos/advisories/incredimailexploit

This webpage will simply create a file on C: (depends on which partition you installed Incredimail) named Obscure.dat.

Disclaimer.

The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lies within the user's responsibility.

Feedback.

Please send suggestions, updates, and comments to:

Eye on Security
mail:obscureat_private-p.com
http://irc.m0ss.com/eos
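The fix for the Content.ini problem described above is to treat the filename in the archive as untrusted and confine it to the install directory. The following is an added example of such a check, written for this advisory and not IncrediMail's own code; the "[Skin]" section and "File" key are assumed names, since the advisory does not document the real Content.ini layout, and the sample INI text is constructed.

```python
import configparser
import ntpath  # Windows path semantics regardless of the host running the check

# Constructed Content.ini fragments; section and key names are assumptions.
TRAVERSAL_CONTENT_INI = "[Skin]\nName=Example skin\nFile=..\\..\\..\\Obscure.dat\n"
SAFE_CONTENT_INI = "[Skin]\nName=Example skin\nFile=skins\\example.skn\n"


class UnsafeFilenameError(ValueError):
    """Raised when a filename from an archive would land outside the install dir."""


def resolve_under(base_dir, filename):
    """Return the path for `filename` placed inside `base_dir`, or raise.

    Rejects absolute, drive-qualified, UNC and rooted names, rejects any '..'
    step under either separator, then re-checks containment on the normalized
    result so that nothing the component check missed can escape.
    """
    if not filename:
        raise UnsafeFilenameError("empty filename")
    drive, rest = ntpath.splitdrive(filename)
    if drive or rest[:1] in ("\\", "/"):
        raise UnsafeFilenameError(f"absolute or rooted path rejected: {filename!r}")
    if ".." in filename.replace("/", "\\").split("\\"):
        raise UnsafeFilenameError(f"'..' component rejected: {filename!r}")
    base = ntpath.normpath(base_dir)
    target = ntpath.normpath(ntpath.join(base, filename))
    if ntpath.normcase(ntpath.commonpath([base, target])) != ntpath.normcase(base):
        raise UnsafeFilenameError(f"path escapes install directory: {filename!r}")
    return target


def is_safe_filename(base_dir, filename):
    """Boolean form of resolve_under, convenient for scanning an archive's names."""
    try:
        resolve_under(base_dir, filename)
        return True
    except UnsafeFilenameError:
        return False


def skin_file_path(base_dir, content_ini_text):
    """Parse a Content.ini fragment and return where its skin file may be written."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(content_ini_text)
    return resolve_under(base_dir, cfg["Skin"]["File"])
```

A client that applied this check before copying the downloaded file would refuse the advisory's "..\" names and write only under its own directory.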
This archive was generated by hypermail 2b30 : Mon May 14 2001 - 00:36:20 PDT