[Esd-l] Possibly Bugbear
John D. Hardin
jhardin at impsec.org
Tue Oct 1 21:00:01 PDT 2002
On Wed, 2 Oct 2002, Howard Lowndes wrote:
> The attachment has a double extension with the full name being
> >Content-Type: audio/x-midi;
> > name=amy & scott wedding menu kelly for erica.pub.scr
eyuck.
I'll try that here and see what happens...
> However, the attachment shows up as
>
> Content-Type: application/octet-stream; name="amy"
> Content-Disposition: attachment; filename="amy"
> Content-Transfer-Encoding: base64
>
> which might explain why it slipped thru the sanitizer.
yeah, it looks like a bug in the add-quotes-to-unquoted-filename
logic.
> My concern is, what would be the impact of a file name without an
> extension? Would M$ be smart enough to try to run it as an EXE,
> or is there not a risk?
You're probably at risk. I think that MS does magic scanning on
application/octet-stream attachments.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
78 days until The Two Towers
More information about the esd-l
mailing list