Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: win5613.htm

Qualcomm Eudora attachment spoof

9th Aug 2002 [SBWID-5613]

	Qualcomm Eudora attachment spoof


	Eudora 5.1


	Paul Szabo [] from the school  of  Mathematics  and
	Statistics              University               of               Sydney
	[] says :
	A message may refer to attachments of other messages, or  to  any  other
	file. Works well: proper icon, warns "the  file  may  contain  programs"
	when run:
	Attachment Converted: "c:\winnt\system32\calc.exe"
	Seems "dot  bug"  (filename  ending  with  dot)  is  a  general  Windows
	Executes without warning (icon OK):
	Attachment Converted: "c:\winnt\system32\calc.exe."
	Shows README.txt as  attachment  name,  broken  icon,  executes  without
	warning; but if you already have a README.txt then shows  its  icon  and
	"runs" that:
	Attachment Converted: "c:\winnt\system32\calc.exe." "\README.txt"
	In all cases, the true address is shown in bottom line of window.
	As a matter of curiosity, Eudora goes "funny" with an unquoted '>':
	Attachment Converted: "c:\winnt\system32\calc.exe" > "\README.txt"
	Attachment Converted: "c:\winnt\system32\calc.exe" > "README.txt"
	My attachment directory is  H:\Windows\.eudora\attach;  is  the  default
	setting "C:\Program Files\Qualcomm\Eudora\attach"? Can we find  out  the
	recipient's settings ( does  not
	work with Eudora 5.1)?
	Suppose I send an attachment "GAME.exe", and  hope  the  recipient  does
	not already have an attachment named "GAME.text", then may  be  able  to
	entice him to click and have the exe run: say  something  like  what  an
	interesting game, and be sure to read the description  even  if  you  do
	not      want      to      play:      #      Attachment       Converted:
	"h:\windows\.eudora\attach\GAME.exe."      "\GAME.text"       Attachment
	Converted: "h:\windows\.eudora\attach\GAME.exe." "\GAME.text" Also  send
	the real attachment (should be encoded exe  to  take  over  the  world),
	begin 700 GAME.exe
	A curiosity: Eudora is happy to act on a  message  containing  something
	like <x-eudora-option:xyz=1> (you do not even need the  leading  '>',
	am not sure about the trailing '>'). This requires user interaction,  so
	it may not be a security problem.
	Eudora also has an "issue" with  decodings  and  line  termination.  The
	following message loses a trailing 'r':
	perl -e 'print "Hello\nstranger\n"' | base64-encode
	Content-Type: text/plain; charset=us-ascii
	Content-Transfer-Encoding: base64


	NOthing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH