


Incredimail build 1400185 - Overwrite any file



11th May 2001 [SBWID-2743]
COMMAND

	    Incredimail

	

SYSTEMS AFFECTED

	    Incredimail build 1400185 .. possibly earlier builds as well

	

	

PROBLEM

	    'Obscure' found the following. IncrediMail describes itself as "an
	    advanced email program that offers you, the user, an unprecedented
	    interactive experience. With IncrediMail you can tailor your emails
	    according to your mood and personality. Visual effects will entertain
	    your every sense. Go ahead. Express yourself like you never did
	    before!"

	

	    Well, IncrediMail does look quite cool, with animations similar to
	    the e-mail in Mission Impossible, plus it's free.

	

	    Skin authors can specify the filenames of the skin, notifier,
	    animation etc. These are listed in a text file called Content.ini,
	    which is found inside the compressed skin or animation package.

	

	    By adding the traditional dot-dot (..\) sequences to such a filename,
	    a malicious skin author can overwrite any file on the partition that
	    IncrediMail is installed on: the filename is used as given, so each
	    "..\" walks the destination one directory up from the skin folder.
	    The skin package is automatically downloaded and its contents copied
	    to the client machine when the user visits a site or opens an e-mail
	    that starts a download of an IncrediMail file. If the destination
	    file already exists, it is overwritten.

	

	    See the exploit example:

	        http://irc.m0ss.com/eos/advisories/incredimailexploit
	        http://x42.com/test/calc.jpg

	    This webpage simply creates a file named Obscure.dat in the root of
	    C: (or of whichever partition IncrediMail is installed on).
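	    The traversal described above, written out as an added example in
	    Python (this is not code from the advisory, from 'Obscure' or from
	    IncrediMail). It builds a Content.ini whose file entry carries "..\"
	    segments, shows the naive resolution that lands the file at the drive
	    root, and beside it the check a client should apply before writing.
	    The section and key names ([Skin], Background, Sound) and the install
	    directory are assumptions; the real Content.ini keys are not given on
	    this page. The check also covers absolute, rooted and UNC names,
	    which the advisory does not discuss.

```python
"""Added example: resolving a Content.ini file entry with and without a
traversal check.  The ini layout, key names and install path below are
assumptions for illustration, not IncrediMail's actual format."""
import configparser
import ntpath  # Windows path rules, so the example runs on any host

# Assumed install location of the skin directory on the victim's partition.
INSTALL_DIR = r"C:\Program Files\IncrediMail\Skins"

# Constructed Content.ini as a malicious skin might carry it: the Background
# entry walks three levels up, out of the skin directory, to the drive root.
MALICIOUS_INI = r"""
[Skin]
Name=Obscure
Background=..\..\..\Obscure.dat
Sound=bg.wav
"""

# Constructed benign counterpart: every entry stays inside the skin folder.
BENIGN_INI = r"""
[Skin]
Name=Demo
Background=images\bg.gif
Sound=bg.wav
"""


def parse_content_ini(text):
    """Return the [Skin] entries as a dict (configparser lower-cases keys)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["Skin"])


def naive_target(filename, base=INSTALL_DIR):
    """What a client that trusts the name as given ends up writing to."""
    return ntpath.normpath(ntpath.join(base, filename))


def safe_target(filename, base=INSTALL_DIR):
    """Resolve the name and refuse anything outside the skin directory.

    ntpath.join discards the base when the name is absolute or rooted (a
    drive letter, a leading backslash or a UNC prefix), and normpath
    collapses the ".." segments, so a prefix comparison on the normalised
    result catches every way of leaving the directory.
    """
    base_n = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normpath(ntpath.join(base, filename))
    target_n = ntpath.normcase(target)
    if target_n != base_n and not target_n.startswith(base_n + "\\"):
        raise ValueError("entry escapes the skin directory: %r" % filename)
    return target


def is_inside(filename, base=INSTALL_DIR):
    """True if safe_target would accept the name, False if it rejects it."""
    try:
        safe_target(filename, base)
        return True
    except ValueError:
        return False


def check_skin(ini_text):
    """Resolve every file entry of a Content.ini; report accepted/rejected."""
    entries = parse_content_ini(ini_text)
    accepted, rejected = {}, []
    for key, value in entries.items():
        if key == "name":  # display name, not a file entry
            continue
        try:
            accepted[key] = safe_target(value)
        except ValueError:
            rejected.append(key)
    return {"accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    # The naive client writes the malicious entry to the drive root,
    # exactly the effect the advisory describes.
    print("naive :", naive_target("..\\..\\..\\Obscure.dat"))
    print("checked:", check_skin(MALICIOUS_INI))
    print("benign :", check_skin(BENIGN_INI))
```

	    The prefix check compares normalised paths rather than looking for
	    ".." in the raw string, so forward slashes, mixed case and names
	    that reset the base outright (C:\boot.ini, \Windows\x, \\srv\share\x)
	    are all rejected by the same test.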

	

	

SOLUTION

	    Nothing yet.

	

