‘Hot’ Email Vulnerability

January 25, 2006 on 8:00 am | In Linux, Security |

Just received the SecurityFocus Linux Newsletter #269. Check out the latest email vulunerability:

3. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing vulnerability.

Successful exploitation may allow attackers to place malicious files on a user’s computer by tricking users into saving seemingly safe attachments. If the user subsequently opens the file, this vulnerability may facilitate arbitrary code execution in the context of the user.

Thunderbird versions prior to 1.5 are affected.

Hmm…. You’d think they’d have noticed this years ago, right? ;) Secunia’s description of the vuln:

3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Thunderbird, which
can be exploited by malicious people to trick users into executing
arbitrary programs.

The vulnerability is caused due to attachments not being displayed
correctly in mails. This can be exploited to spoof the file extension
and the associated file type icon via a combination of overly long
filenames containing whitespaces and “Content-Type” headers not
matching the file extension.

Successful exploitation may lead to malware being saved to e.g. the
desktop.

NOTE: Attachments can be saved by dragging the attachment, or using
the “Save As…” or “Save All…” functionality. For files on the
desktop the icon can be spoofed if it e.g. is a “.exe” or
“.lnk” file.

The vulnerability has been confirmed in versions 1.0.2, 1.0.6, and
1.0.7 for Microsoft Windows. Other versions may also be affected.

Looks like spammers are reinventing the wheel - slightly more complicated than I thought it was, but still trying to fool the less security-minded user into downloading malware. It’s on an eternal loop….

  1. Will they ever stop trying this method?
  2. Will we ever stop downloading those attachments?

4 Comments »

RSS feed for comments on this post. TrackBack URI

  1. yay - I’m safe. Not only am I a Linux user and have Thunderbird 1.5, but I tend not to open dodgy attachments.

    Ray 1 Spammers/Nutters 0

    Comment by ray — January 25, 2006 #
    Using Mozilla Firefox Mozilla Firefox 1.0.7 on Windows Windows XP

  2. Hehe - me too! I tend not to even receive those dodgy attachments ;)
    Max 500 | Spammers/Nutters 0

    Comment by J_K9 — January 25, 2006 #
    Using Mozilla Firefox Mozilla Firefox 1.5 on Windows Windows XP

  3. Phentermine….

    Phentermine. Phentermine prozac….

    Trackback by Phentermine 37 5mg. — May 29, 2008 #
    Using Unknown browser

  4. Mother son incest pictures….

    Free incest….

    Trackback by 3d amanda incest. — July 21, 2008 #
    Using Unknown browser

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Powered by WordPress with Pool theme.
Entries and comments feeds. Valid XHTML and CSS. ^Top^
0.319 seconds.

Loans - Credit Card - Mortgages - Scottsdale Landscaping