SecurityTracker.com
SecurityTracker
Archives







Category:  Application (E-mail Client)  >  Internet Explorer (IE)
Vendors:  Microsoft
Re: Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
Date:  Mar 30 2001 17:31 (UTC/GMT)
Impact:  Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 5.01 (except with Service Pack 2), 5.5
Description:  Microsoft issued a security bulletin (MS01-020) announcing that, when rendering HTML-based e-mail messages that have incorrect MIME headers, Microsoft Internet Explorer may execute arbitrary code contained in an attachment to the email.

Juan Carlos G. Cuartango (who is credited with discovery) notes that EML files are a MIME multipart file type that IE 5 will parse incorrectly. Some demonstration exploit code has been posted to:

http://www.kriptopolis.com/cua/eml.html

Impact:  A remote attacker could send a specially crafted HTML-based e-mail message containing a malicious executable that will be automatically executed by Internet Explorer when a recipient opens the e-mail for reading (if the user's default browser is Internet Explorer).
Solution:  The vendor has released a patch.
Vendor URL:  www.microsoft.com/technet/security/bulletin/MS01-020.asp
Cause:  State error
Underlying OS:  Windows (Any)
Reported By:  Juan Carlos Garcia Cuartango <cuartango@TERRA.ES>
Message History:   This archive entry is a follow-up to the message listed below.
Mar 30 2001 Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
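
A mail-gateway check for the condition this entry describes, as an added example that is not part of the SecurityTracker entry or the vendor bulletin. It assumes an "incorrect MIME header" appears as a declared Content-Type that disagrees with an executable attachment name; the extension list, the type list and the sample message are constructed for illustration.

```python
import email
import os
from email import policy

# Illustrative subset of extensions Windows runs directly (assumption of this example).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".hta"}
# Types under which an executable attachment would be honestly declared (assumption).
HONEST_TYPES = {"application/octet-stream", "application/x-msdownload"}

def mismatched_attachments(raw):
    """Return (filename, declared_type, html_mail) per part whose type hides an executable name."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    html_mail = any(p.get_content_type() == "text/html" for p in parts)
    findings = []
    for part in parts:
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "a.exe." still opens as "a.exe".
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and ctype not in HONEST_TYPES:
            findings.append((name, ctype, html_mail))
    return findings

# Constructed sample: an HTML mail with one mislabelled and one ordinary attachment.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>hello</body></html>
--b1
Content-Type: image/gif
Content-Disposition: attachment; filename="photo.exe"

not a real program
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

placeholder
--b1--
"""

print(mismatched_attachments(SAMPLE))
```

The third field records whether the message carries an HTML body, which is the rendering path the description names, so a gateway can prioritise those hits.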



 Message Contents

Date:  Fri, 30 Mar 2001 10:59:46 +0200
From:  Juan Carlos Garcia Cuartango <cuartango@TERRA.ES>
Subject:  Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

 

Hi,

Microsoft has released a security bulletin http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment".

EML files are MIME multipart files that IE 5 will parse. There is a vulnerability allowing arbitrary code execution using this kind of file. This vulnerability could allow a hostile page or e-mail to perform any action on your computer. The vulnerability affects IE 5, IE 5.5 over all Windows platforms.

I have prepared some demos about the vulnerability in www.kriptopolis.com (major Spanish security site): http://www.kriptopolis.com/cua/eml.html

Note: If you want to have a look at the hostile EML files you must click the right mouse button over the pictures and select the "Save Target As" menu option.

Regards,
Juan Carlos G. Cuartango



Copyright 2001, SecurityGlobal.net LLC