Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: outbind in MS outlook
From: Stephen Taylor <staylo () agccs lmco com>
Date: Thu, 29 Jul 2004 14:21:23 -0400

Thank you very much.  I don't get into the details but now I know a little
bit more to help me evaluate what I do see.

-----Original Message-----
From: Kristian Lyngstøl [mailto:nesquik () bohemians org]
Sent: Thursday, July 29, 2004 2:03 PM
To: staylo () agccs lmco com
Subject: Re: outbind in MS outlook

I am not subscribed to full-discolosure with my personal address (or
so forgive the lack of a copy of your mail :)

Anyway, what you are seeing is normal.

This is actually a bug in the html-code written by the spammer

In the lack of a <handler>:// in an URL, any browser will (or should)
assume that the link is relative to the path it is currently reading from.

So since the link code is only <a href="www.link.com">link</a>, not
<a href="http://www.link.com";>link</a>, the browser will assume this is
relative to the mailbox it is reading it in. (outbind://...)

You will see the same problem on web sites if they omit the http:// in

If www.siteA.com tries to link to www.siteB.com only using
<a href="www.siteB.com">, the browser will look for

Kristian Lyngstøl
Telenor SOC

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • RE: outbind in MS outlook Stephen Taylor (Jul 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]