advisories ... Incredimail allows automatic over writing of files on your hard disk.

 

user comments
name
email
comments
 
smtp relay check
mailserver:
e-mail:
more info
translate to ...
language:
 
[1] . [2] . [3] . [4] . [5] . [6] . [7] . [8]
EyeonSecurity
Nekromantic
EyeonSecurity Forums
Ob5cureDotCom
elfqrin swg help net security
frame4 security hacker gurus computerglitch
gotr00t b0iler hackinthebox
nekromantic.com astalavista.net wand products
security-protocols
adv-knowledge rootshell wbglinks
security.nnov.ru
 
Copyright © 2001,2002 eyeonsecurity Inc., All Rights Reserved. No portions of eyeonsecurity may be used without express, written permission
 
Advisory Title: Incredimail allows automatic over writing of files on your hard disk
Release Date: 05/08/2001

Application: Incredimail

Platform: Windows NT4
Windows 2000
Windows 9x/me

Build: 1400185 .. possibly earlier builds as well

Severity: Malicious users can easily over write system files.

Author: Obscure^ [obscure@eyeonsecurity.org]

Vendor Status: Informed on 08 May 2001, issues a fix on 17th May 2001.


Web:

http://www.eyeonsecurity.org
http://www.incredimail.com

Background.

(extracted from
http://www.incredimail.com/english/what.html)

IncrediMail is an advanced email program that offers you,
the user, an unprecedented interactive experience. With
IncrediMail you can tailor your emails according to your
mood and personality. Visual effects will entertain your
every sense. Go ahead. Express yourself like you never
did before!

My comments: Incredimail does really look quite cool, with
animations similar to the e-mail on Mission Impossible,
plus it's free.


Problem.

Users can specify the filename of the skin, notifyer, animation etc
This is specified in a text file called Content.ini, which is
found in the compressed skin or animation.
By appending the traditional dot dot to the filename, malicious users
can easily over write any files on the same partition as Incredimail
is intalled to.
The file is automatically downloaded and copied to the client
machine when it accesses a site or e-mail which starts a download
for the Incredimail file. If the file already exists it tries
to over write it.

See the exploit example.


Exploit Example.

https://www.eyeonsecurity.org/advisories/incredimail/exploit.html
This webpage will simply create a file on C: (depends on which
partition you installed Incredimail) named Obscure.dat.


Fix

http://www.incredimail.com/


Disclaimer.

The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.


Feedback.

Please send suggestions, updates, and comments to:

Eye on Security
mail:obscure@eyeonsecurity.org
http://www.eyeonsecurity.org