Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vu
Results 1 to 5 of 5

Thread: Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vu

  1. #1

    Question Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vu

    It is possible to send attachments to Outlook Express users using non-standard attachment techniques. This can be accomplished by encapsulating the data in Carriage Return () specifiers in the Subject line of an email.

    Upon receiving an email with a subject line containing carriage returns, Outlook Express will interpret the data section of the mail beginning in the subject line. This problem is compounded by the fact that mail filtering utilities do not search the subject line for this type of data, and can allow a malicious file to pass to an Outlook Express user.

    Remote: Yes

    Exploit: No

    Vulnerable: Microsoft Outlook Express 5.5
    Microsoft Outlook Express 6.0

    Read other articles at www.xatrix.org

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Oh, so you _do_ work for xatrix. Awesome, I've been wondering it for a while. I finally figured this out on this URL: http://www.xatrix.org/modules.php?op...der=&thold=#67

  3. #3
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    kewl, thanks for the info. though it would be better if xatrix showed us HOW its actually being done..

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    jehnx - I wondered about that. Now we know for sure.
    Trappedagainbyperfectlogic.

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    lol, yep! I just was reading around, submitted my opinion on the poll, and noticed a UN similar to this guy... a thought was sparked, and I was like "HAHAHAHA! I got him now!" Not that anything is wrong with you working there, KOBBRAS, it's just been my goal to find out that you do, hehe.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides