MIME Vulnerabilities Rear Up Again
Dark Reading | December 8, 2006
by Tim Wilson, Site Editor
Email attachments that use the popular MIME standard could contain malware that bypasses some of the industry’s best-known antivirus filters, a security researcher said yesterday.
…“If you come across a character that isn’t a part of your alphabet, you’re supposed to ignore it and move on,” the SANS Institute says. “The problem arises when an AV engine doesn’t follow this standard, but the email program does. The AV engine doesn’t scan the attachment properly, but the email program presents the fully-decoded attachment for the end-user’s clicking pleasure.”
In simpler terms, the discovery means that some AV apps could allow users to receive attachments infected with malware — even malware that isn’t zero-day.
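The decoder mismatch described above can be shown from the scanner's side. The following Python sketch is an added example, not code from the article, the researcher or the SANS Institute. It assumes the attachment is base64-encoded; the function names, the sample body and the harmless marker string standing in for an AV signature are all constructed for illustration.

```python
import base64
import binascii
import re

# Bytes outside the base64 alphabet, padding and whitespace.
NON_ALPHABET = re.compile(rb"[^A-Za-z0-9+/=\s]")

def strict_decode(body: bytes):
    """Non-conforming behaviour: give up when a stray byte appears."""
    try:
        return base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error:
        return None  # a scanner built this way never sees the content

def rfc2045_decode(body: bytes) -> bytes:
    """Conforming behaviour: ignore stray bytes, as the mail client does."""
    cleaned = NON_ALPHABET.sub(b"", body)
    return base64.b64decode(b"".join(cleaned.split()), validate=True)

def inspect_attachment(body: bytes, signature: bytes) -> dict:
    """Scan what the client will show, and report the anomaly itself."""
    decoded = rfc2045_decode(body)
    return {
        "strict_decoder_saw_content": strict_decode(body) is not None,
        "non_alphabet_bytes": len(NON_ALPHABET.findall(body)),
        "signature_found": signature in decoded,
    }

# Constructed sample: a harmless marker string, encoded, with two stray
# bytes and a line break placed inside the encoded text.
SIGNATURE = b"CONSTRUCTED-MARKER"
SAMPLE_PAYLOAD = b"CONSTRUCTED-MARKER: harmless test attachment body"
_enc = base64.b64encode(SAMPLE_PAYLOAD)
SAMPLE_BODY = _enc[:8] + b"!" + _enc[8:20] + b"\r\n" + _enc[20:32] + b"*" + _enc[32:]

if __name__ == "__main__":
    print(inspect_attachment(SAMPLE_BODY, SIGNATURE))
```

A nonzero `non_alphabet_bytes` count is worth logging in its own right, since ordinary mail software does not place such bytes inside a base64 body.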