Truncated long subject lines
John Wilcock
john at TRADOC.FR
Thu Sep 16 09:18:55 IST 2004
On Thu, 16 Sep 2004 08:46:24 +0100, Julian Field wrote:
> This is intentional behaviour, I'm afraid.
> If you get an attachment that happens not to have a filename, Outlook (and
> OE) give it a filename which is a copy of the subject line. So all the
> exploits that you can perform in attachment filenames can also be triggered
> by putting the nasty filename in the subject line of the message instead.
>
> So I have to do a load of mangling on the subject line (particularly very
> long subject lines) to avoid exploits against the attachments.
Wouldn't it be easier (and less disruptive) to name any nameless
attachments instead?
John.
--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list