Vulnerability Development mailing list archives

Re: Outlook HTML VBS (demo)

From: neuronix () BIGFOOT COM (Neuronix)
Date: Sun, 21 May 2000 22:09:39 -0300


"Prentner, Karl" wrote:


This executed in Lotus Notes release 5.0.2a also. No scripts alowed!


Heh.  Pretty good.  Just previewing the note popped the alert.
Netscape messenger 4.6.  Makes sense I suppose, it's just trying
to "display" the HTML.  I assume the note is still sandboxed, and
can't do anything terribly interesting? (Other than whatever browser
holes are in the version used to read it.)


  Hehe. In Netscape 4.72 (!) too. But may be nothing more sophisticated
than this (?).

  Watching the code in your msg seems simple and allowed JS. Am I wrong?

--
[]'s
___________________________________________________________
--{ neuronix-----------------------------------------------}
--{ SegFault Inds.-----------------------------------------}
------------------------------------------------------------
"The future of digital systems is complexity, and complexity
is the worst enemy of security."
                        -- Bruce Schneier

Current thread:

Re: Outlook HTML VBS (DEMO) Marc (May 21)
- <Possible follow-ups>
- Re: Outlook HTML VBS (demo) Prentner, Karl (May 22)
  - Re: Outlook HTML VBS (demo) Neuronix (May 21)
  - Audio interview with Rain Forest Puppy on full disclosure and Microsoft now available. Alfred Huger (May 23)