[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Yahoo messenger file extension spoof vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Yahoo messenger file extension spoof vulnerability
From: Ivan Ivan <ivancool2003@xxxxxxxxxxxx>
Date: Fri, 4 Aug 2006 06:34:22 +0000 (GMT)

Hi, i discover a possible file name extension spoofing in yahoo messenger 
8.0.0.863 (lastest),obviously this requires that the option "Hide extension for 
known file types" is enabled in Windows, you need to send a file with this name 
for example: Annakournikova and her 
friends.jpg????????????????????????????????????????.exe or 
Trojan.txt????????????????.exe Info.txt??????????????.exe The ? characters hide 
the extension.
                
---------------------------------
 Preguntá. Respondé. Descubrí.
 Todo lo que querías saber, y lo que ni imaginabas,
 está en Yahoo! Respuestas (Beta).
 Probalo ya!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Attacking the local LAN via XSS
Next by Date: Re: [Full-disclosure] Attacking the local LAN via XSS
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1142-1] New freeciv packages fix arbitrary code execution
Next by thread: [Full-disclosure] [SECURITY] [DSA 1143-1] New dhcp packages fix denial of service
Index(es):
- Date
- Thread