[Esd-l] Uh-oh: Outlook bug involving triple extensions

Brett Glass brett at lariat.org
Sat Feb 1 20:39:54 PST 2003

P.S. -- The technique cited in this article can't be defeated with John's 
sanitizer merely by adding patterns to the "poisoned" file, because file 
names aren't compared against the patterns in that file unless the final 
extension is on a list that's built into the sanitizer.... Again, see


More information about the esd-l mailing list