Date: Wed, 29 Jul 1998 10:04:05 +0200 From: Paul Boehm Subject: Re: netscape mail overflow(another one) On Tue, Jul 28, 1998 at 08:21:41PM +0200, Paul Boehm wrote: > Hi, > netscape mail crashes when trying to the attachment ^- save > from the following pseudo mime mail: sorry for posting twice, but this is extremly important for the understanding of the original mail. bye, pb -- [ Paul S. Boehm | paul@boehm.priv.at | http://paul.boehm.org/ | infected@irc ] Money is what gives a programmer his resources. It's an exchange system created by human beings. It surrounds us. Works for us, binds the economy together. ---------- Date: Tue, 28 Jul 1998 20:21:41 +0200 From: Paul Boehm Subject: netscape mail overflow(another one) Hi, netscape mail crashes when trying to the attachment from the following pseudo mime mail: From: Paul Boehm To: paul@boehm.org Subject: test Mime-Version: 1.0 Content-Type: AAAAAAAAAAAAAAAAAAAAAA...; boundary=ABC123 --ABC123 Content-Type: text/plain; charset=us-ascii test123 --ABC123 Content-Type: application/octet-stream Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="AA" H4sIAA7jvDUAA+3OOQ6EQBBD0Y45hY9QJejiPI1EBhJiuT+LiEeaAEj+SxzYgdfR09PcLMyU JLURdzZX3hopcm49vD6Ks/acZI8/O2zLWmYpTWUbfu/6+Y0/L+uGUn39AQAAAAAAAAAAAAAA AADwvx2CTC7aACgAAA== --ABC-- i suppose this is exploitable, but i don't really know. i only tested this with win95 netscape 4.05. bye, paul -- [ Paul S. Boehm | paul@boehm.priv.at | http://paul.boehm.org/ | infected@irc ] Money is what gives a programmer his resources. It's an exchange system created by human beings. It surrounds us. Works for us, binds the economy together. ---------- Date: Wed, 29 Jul 1998 10:34:04 -0700 From: pedward@WEBCOM.COM Subject: Re: netscape mail overflow(another one) Netscape mail for Windows has an overflow in the body. This is evident when a spammer sends one of our customers a message with the text all on one line. You can reproduce by putting 32768 characters in a line, mail it to yourself, and try to download. Netscape chokes when reading the POP box and refuses to fetch the message. I just use netscape mail for Unix and the problem doesn't exist (gee, I wonder why :>) --Perry