Vulnerability Development mailing list archives

Re: Outlook Mailto URL: vulnerability


From: Seamus Grimes <shamusgrimes () yahoo com>
Date: 4 Apr 2004 12:16:58 -0000

In-Reply-To: <BAY13-F65PU2pnUgrMb0003f3db () hotmail com>

Clancy,

  I understand your problem. I've been working on building a proof of concept for our pen test scripts, but haven't had 
any luck with it yet. I talked to the developer of the original proof of concept; he's only gotten it working on 
Windows 98 with Outlook Express. I'll keep you updated if I find anything.

Seamus


From: "clancy carlson" <clancy_carlson () hotmail com>
To: vuln-dev () securityfocus com
Subject: Outlook Mailto URL: vulnerability
Date: Fri, 02 Apr 2004 09:17:45 -0500

All,
I have been trying to write an exploit for the Outlook Mailto URL 
vulnerability, but have been unsuccessful up to this point.  I have tried on 
both a Windows 2000 and a Windows XP machine using Outlook 2002.  All of the 
proof of concept codes and other documentation do not seem to work.
I consistently receive an error of invalid switch parameter when attempting 
to use

<html>

<body>
<!-- This is the exploit string. -->
<img src="mailto:aa&quot; /select
javascript:alert('vulnerable')">
</body>
</html>

Utilizing the select switch consistently produces the same error.  There 
does not seem to be a way to get Outlook to receive the proper command 
string.   Is this potential vulnerability exploitable?  Does anyone have any 
suggestions on how to move forward?

thanks,

Clancy
