Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Vs: Re: Outlook HTML VBS (demo)

From: marko.ernvall () SAUNALAHTI FI (Marko Ernvall)
Date: Mon, 22 May 2000 21:10:55 +0300

Well, the code Masial sent was pretty old and obvious.
It was a common (lame) joke to send an e-mail with embedded 
javascript which opens about hundred new windows when
recipient clicked the message. Basically it is what you see
in some annoying websites. Ad there, another there...
pop, pop, pop...

What caught my attention was what PCbob said,
that the signature was invalid. My e-mail client didn't 
execute the embedded script, of course, but the 
message was marked as valid rsa signature, no
encryption. And I mean the message sent in 
by Masial.

  ----- Alkuperäinen viesti ----- 
  Lähettäjä: PCbob - Slobodan miskoviC 
  Vastaanottaja: VULN-DEV () SECURITYFOCUS COM 
  Lähetetty: 22. toukokuuta 2000 9:09
  Aihe: Re: Outlook HTML VBS (demo)

  Blue Boar wrote:
  >
  > Heh.  Pretty good.  Just previewing the note popped the alert.
  > Netscape messenger 4.6.  Makes sense I suppose, it's just trying
  > to "display" the HTML.  I assume the note is still sandboxed, and
  > can't do anything terribly interesting? (Other than whatever browser
  > holes are in the version used to read it.)

  My netscape (4.7) for linux didn't open e-mail at all - it just showed
  that signature (encription) was invalid

  i have js disabled for mail & news, so it may be it

  bye
Previous By Date Next
Previous By Thread Next

Current thread: