Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MS Outlook javascript parsing bug

From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 10 Nov 1999 12:04:59 +0100

Update:

Several people have responded to me saying that they have no
problems with this.

One possible problem causer could be the preview pane; the
crashes I've witnessed all had the preview pane activated.

Also, the version of MSIE installed would probably affect
the outcome. (No, sorry, I don't have the version numbers
handy right now).

/Mike

Mikael Olsson wrote:


It seems that MS Outlook 8.5.5104.6 screws up when displaying the
following string in a mail message:

<javascript:location.reload()>

Note that you do NOT need to click it, just displaying the mail
message will crash Outlook.

The results are completely unpredictable, everything from hanging,
crashing or complaining about not being able to display a
particular font or complaining about being out of memory?!?!?!

Anyone care to do anything fun with it other than spam mailing
people to create a big 'ole DoS? :-)

Just my $.02
/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se


--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se
Previous By Date Next
Previous By Thread Next

Current thread: