[Esa-l] HTMLDropper - more details

John D. Hardin jhardin at wolfenet.com
Sun Jan 21 14:06:30 PST 2001


I've been talking with the people at malware who posted the initial
advisory about this. It seems that no MIME content is needed at all,
not even badly formatted MIME, just a very long subject line.

I don't have ready access to an Outlook client, so a proper fix for
this will have to wait, but it looks like the suggestion to include
the Subject: header in attachment filename checking is going to be the
most correct response.

A simpler response might be to limit the length of the Subject line to
a sane length, but then we get into the difficult area of defining
"what is sane"?

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.
                                  -- Charles Murray
-----------------------------------------------------------------------
   13 days until she returns





More information about the esd-l mailing list