OUTLOOK 2003: OuchLookMay 09 2004 11:29PM http-equiv (at) excite (dot) com [email concealed] (1 malware com)
Sunday, May 09, 2004
Outlook 2003 the premier mail client from the company
called 'Microsoft' certainly appears to have a lot of security
features built into it. Curosry examination shows excellent
thought into 'spam' containment, 'security' consideration and
many other little 'things'.
However there is a fundamental flaw with this particular device.
That is, it copies our arbitrary file with given name into a
known and easily reachable location:
<img src="malware.htm" style="display:none">
when embedded into the body of a mail message and when the
recipient replies, will copy itself into temp folder:
C:\Documents and Settings\<user name>\Local Settings\Temp.htm
This location can be quite easily reached without having to know
the user name [courtesy of jelmer]:
The scenario is 'painstakingly' trivial. Send your co-hort at
the office an email that requires a reply. Embed in it, an html
file out of sight. Either send them a second message with any
number of 'spoofed' url schemes pointing to the file in the
temp, or, direct them to a web site which will reach in into the
temp folder via the same url and install and run our malicious
software.
Sunday, May 09, 2004
Outlook 2003 the premier mail client from the company
called 'Microsoft' certainly appears to have a lot of security
features built into it. Curosry examination shows excellent
thought into 'spam' containment, 'security' consideration and
many other little 'things'.
However there is a fundamental flaw with this particular device.
That is, it copies our arbitrary file with given name into a
known and easily reachable location:
<img src="malware.htm" style="display:none">
when embedded into the body of a mail message and when the
recipient replies, will copy itself into temp folder:
C:\Documents and Settings\<user name>\Local Settings\Temp.htm
This location can be quite easily reached without having to know
the user name [courtesy of jelmer]:
<a href="shell:user profile\\local
settings\\temp\\malware.htm">http://office.microsoft.com/</a>
The scenario is 'painstakingly' trivial. Send your co-hort at
the office an email that requires a reply. Embed in it, an html
file out of sight. Either send them a second message with any
number of 'spoofed' url schemes pointing to the file in the
temp, or, direct them to a web site which will reach in into the
temp folder via the same url and install and run our malicious
software.
Very Silly Design Error.
End Call
--
http://www.malware.com
[ reply ]