Rit Research Labs "The Bat!" X-BAT-FILES Vulnerabilities

BID:1029

Info

Rit Research Labs "The Bat!" X-BAT-FILES Vulnerabilities

Bugtraq ID: 1029
Class: Design Error
CVE:
Remote: Yes
Local: Yes
Published: Mar 05 2000 12:00AM
Updated: Mar 05 2000 12:00AM
Credit: Posted to Bugtraq on March 4, 2000 by 3APA3A <[email protected]>.
Vulnerable: Rit Research Labs The Bat! 1.39
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Not Vulnerable: Rit Research Labs The Bat! 1.41
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0

Discussion

Rit Research Labs "The Bat!" X-BAT-FILES Vulnerabilities

"The Bat!" is an MUA for Windows by Rit Research Labs. When an attachment is sent to a "The Bat!" user, the software saves the attachment in a specific folder on the system. The path to that folder is then added to the incoming message in the form of a pseudo-header called X-BAT-FILES.

If the message is then forwarded to another recipient, "The Bat!" will leave the pseudo-header line intact, allowing the recipient to see the default location of all saved email attachments for that user.

Also, it is possible to spoof this header, so that if an email is sent to a "The Bat!" user with an X-BAT-FILES line already in the headers, the software will then attach the specified file if that email is forwarded on. For example, if an email is sent from A to B with
X-BAT-FILES: C:\autoexec.bat
and then the message is forwarded to C, C will receive the message along with a copy of B's autoxec.bat

Exploit / POC

Rit Research Labs "The Bat!" X-BAT-FILES Vulnerabilities

see discussion

References

Rit Research Labs "The Bat!" X-BAT-FILES Vulnerabilities

References:

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report