[Esd-l] Triple extension exploit

Robert Trebula trebula at ui42.com
Thu Jan 30 03:52:29 PST 2003


If I understand this right, the file named 

"malware.JPG              .EXE                  .JPG" 

will show up in Outlook as "malware.JPG     ..." and will be executed as an .exe
file (I guess Windows will treat it as .exe not because of the middle .EXE
extension but based on its content, am I right?)

What about adding a rule like "s/\s+/ /g" to the sanitizer to change the attachment
name to "malware.JPG .EXE .JPG"?


On Wed, Jan 29, 2003 at 11:39:15AM -0800, Kenneth Porter wrote:
> http://www.messagelabs.com/viruseye/report.asp?id=130

Bc. Robert TREBULA
ui42 spol. s r.o.
Hrdlickova 16, 831 01 Bratislava, Slovakia
tel.: (+421) 2 5479 3646
mailto:trebula at ui42.sk
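
Added example, not part of the original post and not the sanitizer's own code: a Python sketch of the whitespace-collapsing rule proposed above, applied to the quoted filename. It goes one step beyond the post by also reporting every dot-separated component that matches an executable extension; the extension list and function names are assumptions made for illustration.

```python
import re

# Assumed, illustrative deny-list; a real filter would use its own policy list.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}

# Constructed sample: the attachment name quoted in the post.
SAMPLE = "malware.JPG              .EXE                  .JPG"


def collapse_whitespace(name):
    # Same effect as the proposed s/\s+/ /g rule: each run of
    # whitespace becomes a single space, so nothing is pushed out of view.
    return re.sub(r"\s+", " ", name)


def extension_components(name):
    # Every dot-separated component after the base name, lower-cased,
    # with the padding around each component stripped.
    parts = name.split(".")[1:]
    return [p.strip().lower() for p in parts if p.strip()]


def assess(name):
    # Normalise the name, then look at all extension components,
    # not only the first or the last one.
    cleaned = collapse_whitespace(name)
    exts = extension_components(cleaned)
    return {
        "display_name": cleaned,
        "padded": re.search(r"\s{2,}", name) is not None,
        "executable_exts": [e for e in exts if e in EXECUTABLE_EXTS],
    }


if __name__ == "__main__":
    for candidate in (SAMPLE, "holiday.jpg"):
        print(repr(candidate), "->", assess(candidate))
```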
