Vulnerability Development mailing list archives
Outlook Mailto URL:vulnerabilty
From: "clancy carlson" <clancy_carlson () hotmail com>
Date: Fri, 02 Apr 2004 09:17:45 -0500
All,I have been trying to write an exploit for the Outlook Mailto URL vulnerability, but have been unsuccesfull up to this point. I have tried on both and windows 2000 and windows XP machine using Outlook 2002. All of the proof of concept codes and other documentation does not seemt o work. I consistently receive an error of invalid switch parameter when attempting to use<html>
<body> <!-- This is the exploit string. --> <img src="mailto:aa" /select javascript:alert('vulnerable')"> </body> </html>utlilizing the select switch consistently produces the same error. There does not seem to be a way to get Outlook to receive the proper command string. Is this potential vulnerabiity exploitable? Does anyone have any suggestions on how to move forward?
thanks, Clancy _________________________________________________________________Persistent heartburn? Check out Digestive Health & Wellness for information and advice. http://gerd.msn.com/default.asp
Current thread:
- Outlook Mailto URL:vulnerabilty clancy carlson (Apr 02)
- <Possible follow-ups>
- Re: Outlook Mailto URL:vulnerabilty Seamus Grimes (Apr 05)
- Re: Re: Outlook Mailto URL:vulnerabilty clancy carlson (Apr 06)