[Esd-l] Possibly Bugbear

John D. Hardin jhardin at impsec.org
Tue Oct 1 21:00:01 PDT 2002

On Wed, 2 Oct 2002, Howard Lowndes wrote:

> The attachment has a double extension with the full name being
> >Content-Type: audio/x-midi;
> >         name=amy & scott wedding menu kelly for erica.pub.scr


I'll try that here and see what happens...

> However, the attachment shows up as
> Content-Type: application/octet-stream; name="amy"
> Content-Disposition: attachment; filename="amy"
> Content-Transfer-Encoding: base64
> which might explain why it slipped thru the sanitizer.

yeah, it looks like a bug in the add-quotes-to-unquoted-filename

> My concern is, what would be the impact of a file name without an
> extension?  Would M$ be smart enough to try to run it as an EXE,
> or is there not a risk?

You're probably at risk. I think that MS does magic scanning on
application/octet-stream attachments.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   78 days until The Two Towers
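
The truncation discussed in this thread, as an added example that is not part of the original post and not the sanitizer's own code: a token-style parse cuts the unquoted name at the first space and loses the .pub.scr extension, while a lenient parse keeps it. The extension list, the function names and the quarantine policy are assumptions made for the illustration.

```python
import re

# Assumed short list of executable extensions, for this example only.
RISKY_EXT = {"scr", "exe", "pif", "bat", "com", "vbs"}

# Constructed sample modelled on the header quoted in the post.
SAMPLE = ("Content-Type: audio/x-midi;\n"
          "\tname=amy & scott wedding menu kelly for erica.pub.scr\n")

def unfold(header):
    """Join folded continuation lines into one logical header line."""
    return re.sub(r"\r?\n[ \t]+", " ", header).strip()

def naive_name(header):
    """Token-style parse: an unquoted value ends at the first whitespace."""
    m = re.search(r'\b(?:file)?name=("[^"]*"|[^\s;]+)', unfold(header), re.I)
    return m.group(1).strip('"') if m else None

def tolerant_name(header):
    """Lenient parse: an unquoted value runs to the next ';' or end of header."""
    m = re.search(r'\b(?:file)?name=("[^"]*"|[^;]*)', unfold(header), re.I)
    return m.group(1).strip().strip('"') if m else None

def extension(name):
    """Lower-cased final extension, or '' when the name has none."""
    return name.rsplit(".", 1)[1].lower() if name and "." in name else ""

def verdict(header):
    """Classify an attachment header using both readings of the name."""
    strict, lenient = naive_name(header), tolerant_name(header)
    if extension(lenient) in RISKY_EXT or extension(strict) in RISKY_EXT:
        return "block"        # executable extension under either reading
    if strict != lenient:
        return "quarantine"   # readings disagree, so the header is malformed
    if not extension(lenient):
        return "quarantine"   # assumed policy: no extension to judge by
    return "pass"

if __name__ == "__main__":
    print(repr(naive_name(SAMPLE)), repr(tolerant_name(SAMPLE)), verdict(SAMPLE))
```

Checking both readings means a header that a rewriting step would truncate is still judged on the name the sender actually supplied.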
