Vulnerability Development mailing list archives
Re: Outlook HTML VBS (demo)
From: neuronix () BIGFOOT COM (Neuronix)
Date: Sun, 21 May 2000 22:09:39 -0300
"Prentner, Karl" wrote:
This executed in Lotus Notes release 5.0.2a also. No scripts alowed! Heh. Pretty good. Just previewing the note popped the alert. Netscape messenger 4.6. Makes sense I suppose, it's just trying to "display" the HTML. I assume the note is still sandboxed, and can't do anything terribly interesting? (Other than whatever browser holes are in the version used to read it.)
Hehe. In Netscape 4.72 (!) too. But may be nothing more sophisticated than this (?). Watching the code in your msg seems simple and allowed JS. Am I wrong? -- []'s ___________________________________________________________ --{ neuronix-----------------------------------------------} --{ SegFault Inds.-----------------------------------------} ------------------------------------------------------------ "The future of digital systems is complexity, and complexity is the worst enemy of security." -- Bruce Schneier
Current thread:
- Re: Outlook HTML VBS (DEMO) Marc (May 21)
- <Possible follow-ups>
- Re: Outlook HTML VBS (demo) Prentner, Karl (May 22)
- Re: Outlook HTML VBS (demo) Neuronix (May 21)
- Audio interview with Rain Forest Puppy on full disclosure and Microsoft now available. Alfred Huger (May 23)