Wednesday, November 23, 2005

MIME Exploits

Many email programs, such as Microsoft Outlook, use MIME (Multipurpose Internet Mail Extensions) to send and receive non-ASCII messages that include content such as audio, graphics, and video. Microsoft Internet Explorer also integrates with MIME, handling email content when an email program receives a message formatted in HTML (Hypertext Markup Language). In a process called MIME header parsing, IE performs certain actions as defined in the file headers, such as instructing programs (Windows Media Player, for instance) to execute certain content when received.
Blended threats exploit a flaw specific to this process, one that causes some versions of IE to instruct the wrong application to execute the embedded instructions. Because this process occurs automatically and quickly (often a victim only needs to open or preview an email message), the worm's behavior remains hidden.
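A mail gateway can look for the condition described above before a message reaches the client. The following is an added example, not code from the original post: it assumes the useful signal is a part whose header declares a passive media type while its filename or leading bytes indicate an executable. The function name, extension list, and sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Illustrative, not exhaustive: extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".cmd"}
# Media families a mail client hands to a viewer or player automatically.
PASSIVE_TYPES = {"audio", "video", "image"}

# Constructed sample message: one part is declared as audio but named .exe.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: image/png; name="logo.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def find_type_mismatches(raw):
    """Return (declared_type, filename) for parts whose header and content disagree."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename)[1].lower()
        payload = part.get_payload(decode=True) or b""  # decoded attachment bytes
        looks_executable = ext in EXECUTABLE_EXTS or payload.startswith(b"MZ")
        if part.get_content_maintype() in PASSIVE_TYPES and looks_executable:
            findings.append((part.get_content_type(), filename))
    return findings

if __name__ == "__main__":
    for ctype, name in find_type_mismatches(SAMPLE):
        print(f"suspicious part: declared {ctype}, filename {name!r}")
```

Checking the leading bytes as well as the extension catches a part that keeps a harmless-looking name but still carries a Windows executable.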


