SecurityTracker.com






Category:   Application (E-mail Client)  >   Microsoft Internet Explorer (IE)
Vendors:   Microsoft
Re: Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
SecurityTracker Alert ID:  1001201
SecurityTracker URL:  http://securitytracker.com/id/1001201
CVE Reference:   CVE-2001-0154
Date:  Mar 30 2001
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 5.01 (except with Service Pack 2), 5.5
Description:   Microsoft issued a security bulletin (MS01-020) announcing that, when rendering HTML-based e-mail messages that have incorrect MIME headers, Microsoft Internet Explorer may execute arbitrary code contained in an attachment to the email.

Juan Carlos G. Cuartango (who is credited with discovery) notes that EML files are a MIME multipart file type that IE 5 will parse incorrectly. Some demonstration exploit code has been posted to:

http://www.kriptopolis.com/cua/eml.html

Impact:   A remote attacker could send a specially crafted HTML-based e-mail message containing a malicious executable that will be automatically executed by Internet Explorer when a recipient opens the e-mail for reading (if the user's default browser is Internet Explorer).
Solution:   The vendor has released a patch.
Vendor URL:  www.microsoft.com/technet/security/bulletin/MS01-020.asp
Cause:   State error
Underlying OS:   Windows (Any)
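
A defensive check for the condition the description names, as an added example (not code from the advisory or from Microsoft): it walks the MIME parts of a message and flags any part whose declared media type is inline-renderable while its filename carries an executable extension. The extension list, the media-type list and the sample message are assumptions constructed for illustration; the advisory does not enumerate the affected header values.

```python
import os
from email import message_from_bytes, policy

# Assumption: extensions Windows runs directly (not listed in the advisory).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Assumption: top-level media types a mail client may render without prompting.
INLINE_MAIN_TYPES = {"audio", "image", "video"}

# Constructed sample message; the flagged payload decodes to "not a real program".
SAMPLE_EML = b"\r\n".join([
    b"From: sender@example.test",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/html; charset=us-ascii",
    b"",
    b"<html><body>hello</body></html>",
    b"--b1",
    b'Content-Type: image/gif; name="logo.gif"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"R0lGODlh",
    b"--b1",
    b'Content-Type: image/gif; name="holiday.exe"',
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="holiday.exe"',
    b"",
    b"bm90IGEgcmVhbCBwcm9ncmFt",
    b"--b1--",
    b"",
])

def find_mismatched_parts(raw: bytes):
    """Return (declared_type, filename) for parts whose header and name disagree."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition, then falls back to the
        # Content-Type "name" parameter. Trailing dots/spaces are stripped
        # because Windows ignores them when resolving the extension.
        name = (part.get_filename() or "").rstrip(" .")
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAIN_TYPES:
            findings.append((part.get_content_type(), name))
    return findings
```

A mail gateway or triage script can quarantine any message for which this returns a non-empty list, independent of whether the client is patched.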

Message History:   This archive entry is a follow-up to the message listed below.
Mar 30 2001 Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments



 Source Message Contents

Date:  Fri, 30 Mar 2001 10:59:46 +0200
Subject:  Incorrect MIME Header Can Cause IE to Execute E-mail Attachment


This is a multi-part message in MIME format.

------=_NextPart_000_001B_01C0B908.88A62280
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit            

Hi,
Microsoft has released a security bulletin http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment".
EML files are MIME multipart files that IE 5 will parse. There is a vulnerability allowing arbitrary code execution using this kind of file. This vulnerability could allow a hostile page or e-mail to perform any action on your computer. The vulnerability affects IE 5 and IE 5.5 on all Windows platforms.
I have prepared some demos of the vulnerability at www.kriptopolis.com (a major Spanish security site):
http://www.kriptopolis.com/cua/eml.html
Note: If you want to have a look at the hostile EML files, you must click the right mouse button over the pictures and select the "Save Target As" menu option.
Regards,
Juan Carlos G. Cuartango


------=_NextPart_000_001B_01C0B908.88A62280--


 
 



Copyright 2012, SecurityGlobal.net LLC