3303 matches found
Qualcomm Eudora 5/6 - File Attachment Spoofing (1)
source: https://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating...
Microsoft Outlook Express 6 - .XML File Attachment Script Execution
source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code executi...
Medium security hole affecting W3Mail
I believe I've found a medium level security hole relating to the way W3Mail stores MIME attachments. I contacted the authors CascadeSoft - http://www.cascadesoft.com/ on the 19th, offering them 14 days to produce a fix, but have had no reply to...
PT-2002-1536 · Symantec · Norton Anti-Virus
Name of the Vulnerable Software and Affected Versions: Norton Anti-Virus (NAV), affected versions not specified. Description: The issue allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignor...
CVE-2002-0198
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename...
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
Using some information posted on Bugtraq this week, I found a very simple way to exploit "download&execution" of an .EXE file, directly from Outlook Express. This is my report: When an HTML page attached to a message is started, it runs in the security zone of "Temporary Internet Files" TI...
Lotus Notes does not adequately secure databases thereby permitting arbitrary user to extract file attachments via NSFDbReadObject function call
Overview: Lotus Domino Servers 5.x, 4.6x, and 4.5x allow users to associate objects with documents in a database. While these objects appear to be a part of the document, they are actually stored as separate files. A vulnerability exists by which an intruder could view these objects regardless of t...
Code execution via Eudora attachments
It's possible to launch an executable attached to an e-mail message by specifying it as an image source...
CVE-2000-0891
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email...
Rit Research Labs The Bat! 1.53 - Microsoft Denial of Service Device Name Denial of Service
source: https://www.securityfocus.com/bid/4187/info The Bat! is an e-mail client for Microsoft Windows operating systems. A problem occurs with The Bat! when it is configured to save attachments separately...
CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code...
Lotus Notes: File attachments may be extracted regardless of document security
Hello, This is my first post to the list. I'll try to get this right. The short version is that file attachments and other objects may be extracted from Notes databases regardless of any author or reader fields on the documents the objects are attached to. This goes back to the structure of Notes...
OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER
We're examining resubmitting to bugtraq html.dropper now updated to include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...
Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
Overview: Microsoft Outlook Web Access (OWA) can run malicious scripts on an Exchange server when Internet Explorer (IE) users open email attachments. Description: OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When IE users acces...
Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass
source: https://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a hostile attachment. The affected...
CVE-2001-0340
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...
ZoneAlarm Pro's MailSafe
hi2all MailSafe is a feature on ZoneAlarm Pro http://www.zonelabs.com that identifies in e-mail attachments potentially harmful files ex: .exe, .com, .reg, .vbs or others that can be added in this feature configuration, and renames their extension to .zl; at the same time it can show an alarm box...
CVE-2001-1326
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...
CVE-2001-0398
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon...
Hole in The Bat! (extension spoofing)
When an attached file is displayed, its file name is truncated; by choosing the length of the name, the file can be made to appear with a harmless icon, and no warning is shown when it is launched...