We're examining resubmitting to bugtraq html.dropper now updated to in include an *.exe (http://www.securityfocus.com/bid/2260) - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default install of OE6, (which apparently ship with the 'final' XP), the new security feature of blocking attachments is not enabled. We would be interested to hear results of trying the following x-ploit which includes a harmless *.exe - apparently it works on XP, 98 and possibly 2000. Simply pretend you received the email as it is and proceed from there: working demo: harmless *.exe. Ensure OE6 is default in that the new security feature is not enabled. http://www.malware.com/bang.zip Thanks. we'd appreciate some feedback before we submit to BT. Does it work on all OS's if you accept 'open file' or do the various OS's incorporate additional safeguards. --- http://www.malware.com _______________________________________________________ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/
This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 12:49:10 PDT