[Esd-l] Triple extension exploit
Robert Trebula
trebula at ui42.com
Thu Jan 30 03:52:29 PST 2003
Hi,
if I understand this right, the file named
"malware.JPG .EXE .JPG"
will show up in outlook as "malware.JPG ..." and will be executed as .exe
file (I guess windows will treat it as .exe not because of the middle .EXE
extension but based on its content, am I right?)
What about adding a rule like "s/\s+/ /g" to sanitizer to change the attachment
name to "malware.JPG .EXE .JPG" ?
Robert
On Wed, Jan 29, 2003 at 11:39:15AM -0800, Kenneth Porter wrote:
> http://www.messagelabs.com/viruseye/report.asp?id=130
--
Bc. Robert TREBULA
ui42 spol. s r.o.
Hrdlickova 16, 831 01 Bratislava, Slovakia
tel.: (+421) 2 5479 3646
mailto:trebula at ui42.sk
http://www.ui42.com
More information about the esd-l
mailing list