Vulnerability Development mailing list archives
Re: Outlook Mailto URL:vulnerabilty
From: Seamus Grimes <shamusgrimes () yahoo com>
Date: 4 Apr 2004 12:16:58 -0000
In-Reply-To: <BAY13-F65PU2pnUgrMb0003f3db () hotmail com> Clancy, I unerstand your problem, I've been working on building a proof of concept for our pen test scripts, but havn't had any luck with it yet. I talked to the developer of the original proof of concept, he's only gotton it working on windows 98 with outlook express. I'll keep you updated if I find anything. Seamus
Received: (qmail 14349 invoked from network); 2 Apr 2004 17:28:37 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 2 Apr 2004 17:28:37 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing2.securityfocus.com (Postfix) with QMQP id 25F65900E7; Fri, 2 Apr 2004 05:30:16 -0700 (MST) Mailing-List: contact vuln-dev-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <vuln-dev.list-id.securityfocus.com> List-Post: <mailto:vuln-dev () securityfocus com> List-Help: <mailto:vuln-dev-help () securityfocus com> List-Unsubscribe: <mailto:vuln-dev-unsubscribe () securityfocus com> List-Subscribe: <mailto:vuln-dev-subscribe () securityfocus com> Delivered-To: mailing list vuln-dev () securityfocus com Delivered-To: moderator for vuln-dev () securityfocus com Received: (qmail 29964 invoked from network); 2 Apr 2004 08:08:23 -0000 X-Originating-IP: [216.73.159.62] X-Originating-Email: [clancy_carlson () hotmail com] X-Sender: clancy_carlson () hotmail com From: "clancy carlson" <clancy_carlson () hotmail com> To: vuln-dev () securityfocus com Subject: Outlook Mailto URL:vulnerabilty Date: Fri, 02 Apr 2004 09:17:45 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY13-F65PU2pnUgrMb0003f3db () hotmail com> X-OriginalArrivalTime: 02 Apr 2004 14:17:45.0400 (UTC) FILETIME=[44B7D380:01C418BD] All, I have been trying to write an exploit for the Outlook Mailto URL vulnerability, but have been unsuccesfull up to this point. I have tried on both and windows 2000 and windows XP machine using Outlook 2002. All of the proof of concept codes and other documentation does not seemt o work. I consistently receive an error of invalid switch parameter when attempting to use<html> <body> <!-- This is the exploit string. --> <img src="mailto:aa" /select javascript:alert('vulnerable')"> </body> </html> utlilizing the select switch consistently produces the same error. There does not seem to be a way to get Outlook to receive the proper command string. Is this potential vulnerabiity exploitable? Does anyone have any suggestions on how to move forward? thanks, Clancy _________________________________________________________________ Persistent heartburn? Check out Digestive Health & Wellness for information and advice. http://gerd.msn.com/default.asp
Current thread:
- Outlook Mailto URL:vulnerabilty clancy carlson (Apr 02)
- <Possible follow-ups>
- Re: Outlook Mailto URL:vulnerabilty Seamus Grimes (Apr 05)
- Re: Re: Outlook Mailto URL:vulnerabilty clancy carlson (Apr 06)