Outlook Mailto URL:vulnerabilty

["clancy carlson" <clancy_carlson () hotmail com>]

All,
I have been trying to write an exploit for the Outlook Mailto URL 
vulnerability, but have been unsuccesfull up to this point.  I have tried on 
both and windows 2000 and windows XP machine using Outlook 2002.  All of the 
proof of concept codes and other documentation does not seemt o work.
I consistently receive an error of invalid switch parameter when attempting 
to use<html>

<body>
<!-- This is the exploit string. -->
<img src="mailto:aa&quot; /select
javascript:alert('vulnerable')">
</body>
</html>

utlilizing the select switch consistently produces the same error.  There 
does not seem to be a way to get Outlook to receive the proper command 
string.   Is this potential vulnerabiity exploitable?  Does anyone have any 
suggestions on how to move forward?

thanks,

Clancy

_________________________________________________________________
Persistent heartburn? Check out Digestive Health & Wellness for information 
and advice. http://gerd.msn.com/default.asp