[Esd-l] Triple extensions

John D. Hardin jhardin at impsec.org
Tue Feb 4 13:44:21 PST 2003

On Mon, 3 Feb 2003, Michael Ghens wrote:

> The Register has an article about triple extensions.
> http://www.theregister.co.uk/content/56/29137.html
> What it states is that by creating an attachment like:
> vacation.jpg.exe.jpg, a trojan can be put in. The user sees the first
> extension, the third is used for the icon, and the middle is for
> launching.
> Does the sanitizer catch it?

The attachment filename must be "carefully crafted" (your example
above won't work). I *think* it will be sanitized, but it won't be
caught (poisoned).

There have been some posts on this recently; check the archives.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
   637 days until the Presidential Election
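
A filename check for the naming pattern discussed in this thread, as an added example that is not part of the original post and not the sanitizer's own code: it reads attachment names from a MIME message and separates names whose final extension is launchable from names that bury a launchable extension before the final one. The extension list, the verdict labels and the function names are assumptions made for the illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, abbreviated list of launchable extensions (not the sanitizer's list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "lnk"}

def classify_filename(name):
    """Return 'clean', 'executable' (final extension is launchable) or
    'hidden-executable' (a launchable extension sits before the final one)."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    exts = parts[1:]  # every dot-separated component after the base name
    if not exts:
        return "clean"
    if exts[-1] in EXECUTABLE_EXTS:
        return "executable"
    if any(ext in EXECUTABLE_EXTS for ext in exts[:-1]):
        return "hidden-executable"
    return "clean"

def scan_message(raw):
    """Return [(filename, verdict)] for each named part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            results.append((name, classify_filename(name)))
    return results

def build_sample():
    """Constructed test message with three attachments (payload is filler)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "holiday pictures"
    msg.set_content("See attached.")
    for name in ("vacation.jpg", "vacation.jpg.exe.jpg", "setup.exe"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:18} {filename}")
```

The check flags the naming pattern itself, whether or not a given mail client would launch the file.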
