Date: Wed, 4 Apr 2001 15:28:10 +0200
From: "JC (Kriptopolis)" <[email protected]>
To: [email protected]Subject: MS patch Q292108 opens a vulnerability
Hi,
Last MS patch Q290108 released with the bulletin MS01-020 opens a new
vulnerability.
A tricked EML file can confuse the user displaying him a fake downlodaded
file name. Executable files can be disguised as other supposedly inocent
files (text, sound or images).
Demo is available in :
http://www.kriptopolis.com/cua/20010404.html
The issue was reported to MS on 22 february and they argue : this is not a
vulnerability as far as It involves a use decision.
Jesus LСpez de Aguileta has also posted the vulnerability to this list.
Juan Carlos G. Cuartango
