Rit Research Labs "The Bat!" Concealed Attachment Vulnerability

See http://www.malware.com/guano.eml

From original bugtraq post:
"We are able to blind The BAT! ~..~ with trivial file extension modifications and carefully calculated file name lengths:

Content-Type:image/gif;
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename=" what's this?




.gif.exe"

Will create an inline attachment, which, while not important, will not be indicated in the in-box. What is important is that the attachment viewed once the mail message has been opened will be with the icon of something else.

On two win98 machines, we achieved the icon of a folder: (screen shot: http://www.malware.com/guano.jpg 32KB)"
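
A mail-filter check for the filename pattern quoted above, added here as an example and not taken from the advisory, the Bugtraq post or the vendor. The extension list, the whitespace threshold, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re

# Assumed list of extensions Windows will execute; not from the advisory.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}
MAX_WS_RUN = 8  # assumed threshold: longer whitespace runs count as padding
MEDIA_TYPES = {"image", "audio", "video", "text"}

def audit_filename(name, content_type=""):
    """Return findings for one attachment filename and its declared type."""
    findings = []
    if re.search(r"[\x00-\x1f\x7f]", name):        # newlines, tabs, etc.
        findings.append("control-chars")
    if re.search(r"\s{%d,}" % MAX_WS_RUN, name):   # padding before the suffix
        findings.append("whitespace-padding")
    # Extensions as the OS resolves them: drop whitespace, split on dots.
    exts = re.sub(r"\s+", "", name).lower().split(".")[1:]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        if len(exts) > 1:
            findings.append("double-extension")
        if content_type.split("/")[0] in MEDIA_TYPES:
            findings.append("type-mismatch")       # e.g. image/gif with .exe
    return findings

def audit_message(raw):
    """Map each suspicious attachment filename in a raw message to findings."""
    report = {}
    for part in email.message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            hits = audit_filename(name, part.get_content_type())
            if hits:
                report[name] = hits
    return report

# Constructed sample: same headers as the quoted post, padded with spaces.
SAMPLE = (
    "From: sender@example.test\n"
    "Subject: constructed sample\n"
    "Content-Type: image/gif\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: inline; filename="what is this'
    + " " * 40 + '.gif.exe"\n'
    "\n"
    "R0lGODlh\n"
)

if __name__ == "__main__":
    for fname, hits in audit_message(SAMPLE).items():
        print(repr(fname), hits)
```
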


 

Copyright 2010, SecurityFocus