Outlook \r expliots - ripMIME fix.

From: Paul L Daniels (pldanielsat_private)
Date: Sun Feb 17 2002 - 21:43:53 PST

Next message: David F. Skoll: "Re: Non existing attachments, more info"

Previous message: David LeBlanc: "RE: In response to alleged vulnerabilities in Microsoft Visual C++ security checks feature"
In reply to: Gary McGraw: "Microsoft compiler flaw, Cigital responds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A recent announcement of ripMIME 1.2.12 has been superceded with a new release which covers several issues as mentioned in 3APA3Aat_private's content-exploits analysis post.

Specifically,

	"\0 data poisoning" and "fake-end-of-line termination" (due to fgets()) have been immediately covered.

Issues with UTF formatting is still present (although detection of the data content is not affected, as content-scanners should not use the file name as anything more than a subtle-guide).

	ripMIME is available at http://pldaniels.org/ripmime

Regards.

-- 
Paul L Daniels    http://www.pldaniels.com
Linux/Unix systems    Internet Development
ICQ#103642862,AOL:cinflex,IRC:inflex 
A.B.N. 19 500 721 806

Next message: David F. Skoll: "Re: Non existing attachments, more info"
Previous message: David LeBlanc: "RE: In response to alleged vulnerabilities in Microsoft Visual C++ security checks feature"
In reply to: Gary McGraw: "Microsoft compiler flaw, Cigital responds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 15:14:49 PST