Vulnerability Development mailing list archives
Re: MS Outlook javascript parsing bug
From: dreed () AWD COM (Reed, David)
Date: Wed, 10 Nov 1999 11:23:18 -0600
Mikael,

The only thing I had to change was the reload() line to reflect

<script language="JavaScript1.2"> document.location.reload(); </script>

in the source of my signature, before I sent it to a developer (for giggles) who has the (mis?)fortune of telecommuting today...

It didn't DoS the box, but it took Outlook 98 with it. :) He called to whine and asked how big the @#$(ing picture I sent him was; his ISDN wasn't liking it. Heh.

I did manage to nuke myself, too; running Outlook 2000.
-----Original Message-----
From: Mikael Olsson [mailto:mikael.olsson () ENTERNET SE]
Sent: Wednesday, November 10, 1999 05:05
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: MS Outlook javascript parsing bug

Update:
Several people have responded to me saying that they have no problems with this. One possible problem causer could be the preview pane; the crashes I've witnessed all had the preview pane activated. Also, the version of MSIE installed would probably affect the outcome. (No, sorry, I don't have the version numbers handy right now).

/Mike

Mikael Olsson wrote:

It seems that MS Outlook 8.5.5104.6 screws up when displaying the following string in a mail message:

<javascript:location.reload()>

Note that you do NOT need to click it, just displaying the mail message will crash Outlook. The results are completely unpredictable, everything from hanging, crashing or complaining about not being able to display a particular font or complaining about being out of memory?!?!?!

Anyone care to do anything fun with it other than spam mailing people to create a big 'ole DoS? :-)

Just my $.02
/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
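
Added example (not part of the original posts, and not code from any vendor): a mail-gateway style check in Python that flags the two trigger forms reported in this thread, a javascript: URI in the body and a <script> element in an HTML part, after decoding each MIME part. The function names and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Markers taken from the two messages above; matching is case-insensitive.
JS_URI = re.compile(r"javascript\s*:", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

def scan_message(raw):
    """Return sorted (content_type, finding) pairs for every text part."""
    msg = message_from_string(raw, policy=policy.default)
    findings = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # multipart containers and attachments are skipped
        # get_content() undoes base64/quoted-printable, so encoded parts
        # are matched on the text the mail client would render.
        body = part.get_content()
        ctype = part.get_content_type()
        if JS_URI.search(body):
            findings.add((ctype, "javascript-uri"))
        if SCRIPT_TAG.search(body):
            findings.add((ctype, "script-element"))
    return sorted(findings)

def constructed_samples():
    """Three constructed test messages (not real mail)."""
    plain = EmailMessage()
    plain["Subject"] = "constructed: plain text"
    plain.set_content("FYI <javascript:location.reload()>\n")

    sig = EmailMessage()
    sig["Subject"] = "constructed: HTML signature"
    sig.set_content("See you Monday.\n")
    sig.add_alternative(
        '<p>-- sig</p>\n<script language="JavaScript1.2">\n'
        "document.location.reload();\n</script>\n",
        subtype="html", cte="base64")  # encoded: a raw grep would miss it

    clean = EmailMessage()
    clean["Subject"] = "constructed: benign"
    clean.set_content("Lunch at noon?\n")
    return {"plain": plain.as_string(), "sig": sig.as_string(),
            "clean": clean.as_string()}

if __name__ == "__main__":
    for name, raw in constructed_samples().items():
        print(name, scan_message(raw))
```

The patterns are literal, so ordinary prose that happens to contain "javascript:" is flagged as well; a gateway would treat a hit as a reason to strip or quarantine the part, not as proof of intent.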