Rit Research Labs "The Bat!" Concealed Attachment Vulnerability

"The Bat!" is an MUA for Windows by Rit Research Labs.

A remote attacker can compose an email message which contains an attached file having a carefully-composed filename, in which excess whitespace is used to conceal the filename, and the file's presence, in the "The Bat!" user's inbox.

This could lead a victim user to execute a potentially malicious attachment without being properly alerted that the attachment is of an executable type.

If run, an attachment containing a hostile program or script could have serious security consequences for the affected system.


 

Privacy Statement
Copyright 2010, SecurityFocus