[Mimedefang] Browser Bug: Very bad in IE and varies on Netscapeand Mozilla
Kevin A. McGrail
kmcgrail at pccc.com
Sat Dec 20 00:28:22 EST 2003
> All that said, this rule probably won't handle the case where an actual \0
or
> \1 is embedded in the message (although I suspect those are unlikely to
make
> it through the MTA or, perhaps, MD's suspicious characters tests).
Why would a \0 or \1 be dangerous in a normal email message? In this
particular case, I believe it's just a display issue that unfortunately can
be exploited quite heavily.
KAM
More information about the MIMEDefang
mailing list