Vulnerability Development mailing list archives

Re: Outlook HTML VBS (demo)

From: karl.prentner () WORLDSPAN COM (Prentner, Karl)
Date: Mon, 22 May 2000 08:36:12 -0400


This executed in Lotus Notes release 5.0.2a also. No scripts alowed!

                    Blue Boar
                    <BlueBoar@THIEVCO.        To:     VULN-DEV () SECURITYFOCUS COM
                    COM>                      cc:
                    Sent by: VULN-DEV         Subject:     Re: Outlook HTML VBS (demo)
                    List
                    <VULN-DEV@SECURITY
                    FOCUS.COM>

                    05/21/2000 10:27
                    PM
                    Please respond to
                    Blue Boar

Heh.  Pretty good.  Just previewing the note popped the alert.
Netscape messenger 4.6.  Makes sense I suppose, it's just trying
to "display" the HTML.  I assume the note is still sandboxed, and
can't do anything terribly interesting? (Other than whatever browser
holes are in the version used to read it.)

Any Javascript experts?  Is there a Netscape API for going through the
mailbox?

                                                    BB

Current thread:

Re: Outlook HTML VBS (DEMO) Marc (May 21)
- <Possible follow-ups>
- Re: Outlook HTML VBS (demo) Prentner, Karl (May 22)
  - Re: Outlook HTML VBS (demo) Neuronix (May 21)
  - Audio interview with Rain Forest Puppy on full disclosure and Microsoft now available. Alfred Huger (May 23)