From owner-freebsd-questions@FreeBSD.ORG Thu Nov 20 09:25:06 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7823416A4CE for ; Thu, 20 Nov 2003 09:25:06 -0800 (PST) Received: from mail.mi.celestial.com (dagney.celestial.com [192.136.111.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9964043FD7 for ; Thu, 20 Nov 2003 09:25:05 -0800 (PST) (envelope-from bill@celestial.com) Received: by mail.mi.celestial.com (Postfix, from userid 203) id 4CA2211EF65; Thu, 20 Nov 2003 09:25:05 -0800 (PST) Date: Thu, 20 Nov 2003 09:25:05 -0800 From: Bill Campbell To: freebsd-questions@freebsd.org Message-ID: <20031120172505.GA94190@alexis.mi.celestial.com> Mail-Followup-To: freebsd-questions@freebsd.org References: <20031120005218.GA76590@xor.obsecurity.org> <20031120013831.GT98272@klapaucius.zer0.org> <3FBCBDF9.A9F9EB66@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FBCBDF9.A9F9EB66@mindspring.com> User-Agent: Mutt/1.4.1i Subject: Re: SCO going after BSD??? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd@celestial.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 17:25:06 -0000 On Thu, Nov 20, 2003, Terry Lambert wrote: >Gregory Sutter wrote: >> Content-Type: text/plain; charset=iso-8859-1 >> Content-Disposition: inline >> >> These headers show that the part is not an attachment but should be >> displayed inline, and that it contains pure text that doesn't need a >> special handler to be displayed. Why Outlook Express fails to >> recognize this, and why Microsoft fails to issue a patch to fix the >> problem, is unknown. > >Most mail worm implmentations uses an inline disposition to force >the activation of an exploitable helper program to interpret content >when the message is opened. > >Yes, they should recognize that text/plain is not an exploitable >type unless there is a registered external "helper" for that type >that overrides internal rendering as plain text (e.g. "Word"), >even though text/html is, bt at least they are attempting to prevent >exploits these days. I'm not sure that text/plain isn't exploitable in OutLook. I seem to remeber something about Outlook interpreting a line starting with ``BEGIN '' (two spaces after BEGIN) as the start of a program to be executed. I don't use any of the Microsoft virii so, and if I did, I would never use the worm vector, Outlook, so can't confirm this. Bill -- INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ When only cops have guns, it's called a ``police state''. -- Claire Wolfe, "101 Things To Do Until The Revolution"