source: https://www.securityfocus.com/bid/5277/info

It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt file (or another seemingly harmless file type) in the attachment list.

When a certain string of characters is included between the filename and the actual file extension, Outlook Express displays the specified misleading file extension type.

The end result is that an attacker is able to entice a user to open or save files of arbitrary types to their local system.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21631.eml
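
A mail-gateway style check for the condition described above, added here as an example and not part of the original advisory: it flags attachments whose name carries a harmless-looking extension ahead of an executable one. The extension lists, the function names and the `-PLACEHOLDER-` filler (standing in for the string the advisory does not specify) are assumptions, and the sample message is constructed.

```python
import email
import re
from email import policy

# Assumed extension lists for illustration; adjust to local policy.
EXECUTABLE = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}
HARMLESS = {"txt", "jpg", "gif", "doc", "pdf", "htm"}

def split_name(filename):
    """Return (stem, real_ext); the real extension follows the last dot."""
    stem, _, ext = filename.strip().rpartition(".")
    return (stem, ext.lower()) if stem else (filename, "")

def spoofed_attachments(raw_message):
    """List (filename, decoy_ext, real_ext) for misleading attachment names."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        stem, real_ext = split_name(filename)
        if real_ext not in EXECUTABLE:
            continue
        # Any harmless-looking extension earlier in the name is a decoy.
        inner = [e.lower() for e in re.findall(r"\.([A-Za-z0-9]+)", stem)]
        decoys = [e for e in inner if e in HARMLESS]
        if decoys:
            findings.append((filename, decoys[-1], real_ext))
    return findings

# Constructed sample; "-PLACEHOLDER-" stands in for the unspecified string.
SAMPLE = b"\r\n".join([
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b'Content-Type: text/plain; name="notes.txt-PLACEHOLDER-.exe"',
    b'Content-Disposition: attachment; filename="notes.txt-PLACEHOLDER-.exe"',
    b"",
    b"constructed body",
    b"--b1",
    b'Content-Disposition: attachment; filename="report.pdf"',
    b"",
    b"constructed body",
    b"--b1--",
])
```

The check keys on the text after the last dot, which is what determines how the file is handled once saved, rather than on whatever the mail client chooses to display.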