[原文]Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
Posted to NTBugtraq July 28, 1999 by Oisin Grehan <oisin@LABYRINTH.IE>.
Seattle Lab Software Emurl 2.0
Microsoft Windows NT 4.0
Emurl places attachments received via email into a folder that is accessible via http and marked 'scriptable'. Because of this it can be possible for an attacker send attachments containing hostile asp or similar scripting code to an email address on the target server. This code will then be executed by the webserver when the recipient reads their email.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.