"Security hole"?

Posted Oct 13, 2003 7:45 UTC (Mon) by diegor (guest, #1967)
In reply to: "Security hole"? by TwoTimeGrime
Parent article: E-mail filters not fooled by signed spam (News.com)

It's an old Outlook Express bug. I don't know exactly where it is fixed. BTW:
the trick is that Outlook was configured in a highly insecure way, so the autopreview opens any attachment that looks like an image.

So if you make an attachment that is an executable, named pippo.gif.exe (to fool the user) and with MIME type 'image/gif', Outlook opens it using run32.dll.

But run32dll recognizes that it is an executable, and runs it. Be happy, the nice autopreview feature has installed a new virus, even if you haven't clicked on the image....

The problem with Outlook (and many other office programs) is that until now they have not been designed with security in mind.

Regards,
Diego.
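
An added example, not part of the comment above or of any mail product's code: a filter-side check in Python that flags attachments declared as `image/*` whose filename or leading bytes contradict that type, which is the mismatch the comment describes. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive list of extensions Windows treats as runnable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Leading bytes of the image types a previewer would render inline.
IMAGE_MAGIC = {"image/gif": (b"GIF87a", b"GIF89a"),
               "image/png": (b"\x89PNG\r\n\x1a\n",),
               "image/jpeg": (b"\xff\xd8\xff",)}

def audit_attachments(raw):
    """Return (filename, reasons) for image/* attachments that are not images."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        ctype = part.get_content_type()
        if not ctype.startswith("image/"):
            continue  # only the "looks like an image" case is checked here
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            reasons.append("executable extension " + suffixes[-1])
        if data[:2] == b"MZ":  # DOS/PE executable header
            reasons.append("PE/DOS header (MZ)")
        magic = IMAGE_MAGIC.get(ctype)
        if magic and not data.startswith(magic):
            reasons.append("content does not match " + ctype)
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed message: one genuine GIF header, one mislabelled stub."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see picture")
    msg.add_attachment(b"GIF89a\x01\x00\x01\x00", maintype="image",
                       subtype="gif", filename="photo.gif")
    msg.add_attachment(b"MZ\x90\x00 constructed stub", maintype="image",
                       subtype="gif", filename="pippo.gif.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in audit_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```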



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds