[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS

To: rohit@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
From: "KF (lists)" <kf_lists@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Jan 2005 10:29:31 -0500

so then the bottom line is that there is a bug. When files are being transfered they should also be identified via the content of the file rather than the extension...

-KF

The second one is also know feature, the file type is not determinated
from the extension but from the content of the file. So a sis package
renamed to an jpeg file still looks from the inside as a sis package and
so the user is prompted for installation.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
  - From: Valdis . Kletnieks

References:
- [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
  - From: rohit

Prev by Date: [Full-Disclosure] SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004)
Next by Date: RE: [lists] [Full-Disclosure] Phrack is dead, long live Phrack!
Previous by thread: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
Next by thread: Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
Index(es):
- Date
- Thread