Read more about it below…
Here is an outline of the steps needed to exploit this problem:
1. An IFRAME tag is inserted into an HTML email message that references a Windows Media Skin (.WMS) file. The .WMS can be loaded either from a Web site or from a file attached to the email message using the CID: protocol.
(Note: I have only tested downloading a .WMS file from a Web site.)
2. Because .WMS files are considered safe by Windows, WMP will automatically be started by Outlook and it will be passed the .WMS file.
1. Other WMP file types besides a Windows Media skin file can be used in step 1. These file types include .WMZ, .WMD, and .WMA files.
2. This problem is more of an example of poor security policies in Outlook and WMP and is not really a security hole in the classic sense.
3. Outlook Express and earlier versions of Outlook likely have the same security problem even with all security protections set to the maximum.
4. Hotmail, however, does not seem to have this security problem because it discards IFRAME tags. Other Web-based email systems, however, would have the same security problem as Outlook if they do not filter IFRAMEs.
1. Outlook 2002 should not execute files downloaded by an HTML IFRAME tag. All file types except for HTML, text, and image files should be discarded by Outlook 2002 if used in an IFRAME.
2. All WMP file types (.ASX, .WMS, .WMZ, .WMD, .WMA, etc.) should not be marked safe for opening since many of them can contain script code.
The only work-around that I am aware of is to manually mark each Windows Media file type as not safe-for-opening. This process is going to be prone to errors since there are about 10 file types that need to be fixed.
Richard M. Smith
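
The advisory credits Hotmail's immunity to discarding IFRAME tags and says other Web-based email systems need the same filtering. The following is an added example, not part of the original advisory or any vendor's code, showing one way a mail gateway or webmail front end could do that in Python: it removes every IFRAME from an HTML body and reports which removed frames pointed at a Windows Media Player file type. The names IframeStripper and strip_iframes and the host media.example are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Windows Media Player file types named in the advisory.
WMP_EXTS = (".asx", ".wms", ".wmz", ".wmd", ".wma")

class IframeStripper(HTMLParser):
    """Re-emit HTML, discarding each IFRAME element and its fallback content."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.removed, self.inside = [], [], False

    def emit(self, text):
        if not self.inside:  # nothing between <iframe> and </iframe> survives
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.removed.append(dict(attrs).get("src") or "")
            self.inside = True
        else:
            self.emit(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # emit "<br/>" once, no synthetic "</br>"

    def handle_endtag(self, tag):
        if tag == "iframe":
            self.inside = False
        else:
            self.emit(f"</{tag}>")

    def handle_data(self, data):
        self.emit(data)
    def handle_entityref(self, name):
        self.emit(f"&{name};")
    def handle_charref(self, name):
        self.emit(f"&#{name};")

def strip_iframes(html):
    """Return (clean_html, [(src, names_wmp_type), ...]) for one HTML body."""
    parser = IframeStripper()
    parser.feed(html)
    parser.close()
    hits = [(s, urlsplit(s).path.lower().endswith(WMP_EXTS)) for s in parser.removed]
    return "".join(parser.out), hits

# Constructed sample body; media.example is a placeholder host.
SAMPLE = ('<p>Hi &amp; bye<br/></p><IFRAME SRC="http://media.example/a.wms">x</IFRAME>'
          '<iframe src="cid:part1"></iframe><p>End</p>')
```

An unclosed IFRAME causes everything after it to be dropped, so the filter fails closed. HTML comments and the doctype are also dropped, because the parser's default handlers ignore them.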