[Esd-l] Gap in Sanitizer Protection?
John D. Hardin
jhardin at impsec.org
Wed Nov 20 10:50:00 PST 2002
On Wed, 20 Nov 2002, Stephen Sloan wrote:
> The Sanitizer let through a Word document without defanging the
> file name. The file name had two spaces in it, ie.
>
> xx xxx xxxx.doc
>
> Do the spaces account for why the filename was not defanged?
No, embedded spaces should not cause a problem. What version of the
sanitizer are you using?
Do you have a copy of the original message so that I can see the
headers? If so, zip it up and send it to me. If you want to generate a
"safe" sample document that exhibits the problem, that's fine. I don't
care about the document itself, just the message headers.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
28 days until The Two Towers
More information about the esd-l
mailing list