[Esd-l] Trapped poisoned Microsoft attachments?

John D. Hardin jhardin at impsec.org
Sat Feb 15 19:42:28 PST 2003

On Sat, 15 Feb 2003, Scott Taylor wrote:

> >Actually, right now the cause is probably an embedded image or
> >external file reference, for which the default score is 99.
> >
> >There's a config variable for setting the embedded image score, but if
> >the default is too problematic I will dial it back to 20 or so.
> >
> >Comments?
> Yeah, I think 99 is a little high for an embedded image, but a
> good number for an external file reference.

I may try to distinguish between a local reference and a URL. 

However, there are two completely separate attacks here. The first is
a privacy attack through embedding a web bug, and the second is a file
theft attack through embedding a link to a local file, then convincing
the recipient to send the document back once the file has been
copied into the document.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   96 days until The Matrix Reloaded

More information about the esd-l mailing list