Computer Security
[EN] securityvulns.ru



Related information

  A big hole in Outlook Express (E-mail execution)

  A subject line buffer overflow in Outlook Express (was Re: EML Content Spoofing and Informed Consent)

  MS patch Q292108 opens a vulnerability

  Advisory CA-2001-06

  Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

From: http-equiv_(at)_excite.com <http-equiv_(at)_excite.com>
Date: 03.09.2001
Subject: OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER

We're examining resubmitting to bugtraq html.dropper now updated to
include an *.exe (http://www.securityfocus.com/bid/2260) - apparently the
manufacturer didn't consider the original submission worthy of fixing as the
same problem has been carried over to Outlook Express 6.00.

On a default install of OE6 (which apparently ships with the 'final' XP),
the new security feature of blocking attachments is not enabled.

We would be interested to hear results of trying the following x-ploit which
includes a harmless *.exe - apparently it works on XP, 98 and possibly 2000.

Simply pretend you received the email as it is and proceed from there:

working demo:

harmless *.exe. Ensure OE6 is default in that the new security feature is
not enabled.

http://www.malware.com/bang.zip

Thanks.

We'd appreciate some feedback before we submit to BT.

Does it work on all OS's if you accept 'open file', or do the various OS's
incorporate additional safeguards?


---
http://www.malware.com





