Vulnerability Development mailing list archives

Re: MS Outlook javascript parsing bug

From: dreed () AWD COM (Reed, David)
Date: Wed, 10 Nov 1999 11:23:18 -0600


Mikael,

The only thing I had to change was the reload() line to reflect

<script language="JavaScript1.2">
document.location.reload();
</script>

in the source of my signature, before I sent it to a developer (for giggles)
who has the (mis?)fortune of telecommuting today...  It didn't DoS the box,
but it took Outlook 98 with it.  :)  He called to whine and asked how big
the @#$(ing picture I sent him was; his ISDN wasn't liking it.  Heh.

I did manage to nuke myself, too; running Outlook 2000.

-----Original Message-----
From: Mikael Olsson [mailto:mikael.olsson () ENTERNET SE]
Sent: Wednesday, November 10, 1999 05:05
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: MS Outlook javascript parsing bug

Update:

Several people have responded to me saying that they have no
problems with this.

One possible problem causer could be the preview pane; the
crashes I've witnessed all had the preview pane activated.

Also, the version of MSIE installed would probably affect
the outcome. (No, sorry, I don't have the version numbers
handy right now).

/Mike

Mikael Olsson wrote:


It seems that MS Outlook 8.5.5104.6 screws up when displaying the
following string in a mail message:

<javascript:location.reload()>

Note that you do NOT need to click it, just displaying the mail
message will crash Outlook.

The results are completely unpredictable, everything from hanging,
crashing or complaining about not being able to display a
particular font or complaining about being out of memory?!?!?!

Anyone care to do anything fun with it other than spam mailing
people to create a big 'ole DoS? :-)

Just my $.02
/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se


--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se


<!-- body="end" -->
<HR>

<UL>
<LI><STRONG>Next message:</STRONG> Larry W. Cashdollar: "Re: Open Port on Win98 box"
<LI><STRONG>Previous message:</STRONG> tschweikle () FIDUCIA DE: "Re: Open Port on Win98 box"
<LI><STRONG>Maybe in reply to:</STRONG> tschweikle () FIDUCIA DE: "Open Port on Win98 box"
</UL>
<HR>

<SMALL>

This archive was generated by hypermail 2.0b3 
on Sat Nov 13 1999 - 11:51:00 CST</EM>
</EM>
</SMALL>
</BODY>
</HTML>

Current thread:

Open Port on Win98 box, (continued)
- Open Port on Win98 box tschweikle () FIDUCIA DE (Nov 10)
  - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Mike Bush (Nov 13)
  - Re: Open Port on Win98 box Blue Boar (Nov 10)
    - Re: Open Port on Win98 box Dragos Ruiu (Nov 10)
    - minor (?) mc bug m4rcyS (Nov 10)
    - Re: minor (?) mc bug Blue Boar (Nov 13)
    - potential chage ovf m4rcyS (Nov 17)
- Re: MS Outlook javascript parsing bug Mikael Olsson (Nov 10)
- Re: MS Outlook javascript parsing bug Reed, David (Nov 10)