Related information

Большая дырка в Outlook Express (E-mail execution)

OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER

A subject line buffer overflow in Outlook Express (was Re: EML Content Spoofing and Informed Consent)

Advisory CA-2001-06

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

From:	JC (Kriptopolis) <cuartango_(at)_KRIPTOPOLIS.COM>
Date:	05.04.2001
Subject:	MS patch Q292108 opens a vulnerability

Hi,
Last MS patch Q290108 released with the bulletin MS01-020 opens a new
vulnerability.
A tricked EML file can confuse the user displaying him a fake downlodaded
file name. Executable files can be disguised as other supposedly inocent
files (text, sound or images).
Demo is available in :
http://www.kriptopolis.com/cua/20010404.html
The issue was reported to MS on 22 february and they argue : this is not a
vulnerability as far as It involves a use decision.
Jesus Lуpez de Aguileta has also posted the vulnerability to this list.
Juan Carlos G. Cuartango