SECURITYVULNS:DOC:1992
Sep 03, 2001 - 12:00 a.m.

OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER


We're examining resubmitting to bugtraq html.dropper, now updated to
include an *.exe (http://www.securityfocus.com/bid/2260) - apparently the
manufacturer didn't consider the original submission worthy of fixing as the
same problem has been carried over to Outlook Express 6.00.

On a default install of OE6 (which apparently ships with the 'final' XP),
the new security feature of blocking attachments is not enabled.

We would be interested to hear results of trying the following x-ploit which
includes a harmless *.exe - apparently it works on XP, 98 and possibly 2000.

Simply pretend you received the email as it is and proceed from there:

working demo:

harmless *.exe. Ensure OE6 is default in that the new security feature is
not enabled.

http://www.malware.com/bang.zip

Thanks.

We'd appreciate some feedback before we submit to BT.

Does it work on all OS's if you accept 'open file', or do the various OS's
incorporate additional safeguards?


http://www.malware.com

