-
February 15th, 2002, 11:55 PM
#1
Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vu
It is possible to send attachments to Outlook Express users using non-standard attachment techniques. This can be accomplished by encapsulating the data in Carriage Return () specifiers in the Subject line of an email.
Upon receiving an email with a subject line containing carriage returns, Outlook Express will interpret the data section of the mail beginning in the subject line. This problem is compounded by the fact that mail filtering utilities do not search the subject line for this type of data, and can allow a malicious file to pass to an Outlook Express user.
Remote: Yes
Exploit: No
Vulnerable: Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0
Read other articles at www.xatrix.org
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|