An issue has been discovered in the incoming email scanning protection feature of Symantec Norton AntiVirus 2002. Using conflicting MIME headers, it is possible to rename a file to an excluded filetype in the Content-Type field while including the original filename in the Content-Disposition field, resulting in the execution of the file by the appropriate application. For example:

    Content-Type: application/msword;name=\filename.nch
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;filename=\filename.doc

Norton will detect the attachment as a .nch file; however, Microsoft Office will detect the .doc extension and handle it as such. If the .doc attachment happens to be a Word macro virus, it will execute on the user's system.
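A mail gateway or scanner can flag this header mismatch before delivery. The following is an added example, not code from the advisory or from Symantec: it parses a constructed sample message with Python's standard `email` package, reports parts whose Content-Type `name` and Content-Disposition `filename` carry different extensions, and only allows a scan exclusion when every declared name is excluded. The function names, the sample message and the quoted-filename header syntax are assumptions.

```python
import os
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample message; the quoted filename syntax is an assumption.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/msword; name="filename.nch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="filename.doc"

AAAA
--BOUND--
"""

def _ext(name):
    return os.path.splitext(name)[1].lower()

def declared_names(part):
    """Return (Content-Type name, Content-Disposition filename) for one part."""
    names = []
    for param, header in (("name", "content-type"),
                          ("filename", "content-disposition")):
        value = part.get_param(param, header=header)
        names.append(collapse_rfc2231_value(value) if value else None)
    return tuple(names)

def conflicting_parts(raw):
    """List parts whose two declared filenames carry different extensions."""
    findings = []
    for part in message_from_string(raw).walk():
        ct_name, cd_name = declared_names(part)
        if ct_name and cd_name and _ext(ct_name) != _ext(cd_name):
            findings.append((ct_name, cd_name))
    return findings

def may_skip_scan(part_names, excluded):
    """Allow an exclusion only if every declared name has an excluded extension."""
    present = [n for n in part_names if n]
    return bool(present) and all(_ext(n) in excluded for n in present)
```
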