|
Vulnerability Development
mailing list archives
Outlook Mailto URL:vulnerabilty
From: "clancy carlson" <clancy_carlson () hotmail com>
Date: Fri, 02 Apr 2004 09:17:45 -0500
All,
I have been trying to write an exploit for the Outlook Mailto URL
vulnerability, but have been unsuccesfull up to this point. I have tried on
both and windows 2000 and windows XP machine using Outlook 2002. All of the
proof of concept codes and other documentation does not seemt o work.
I consistently receive an error of invalid switch parameter when attempting
to use<html>
<body>
<!-- This is the exploit string. -->
<img src="mailto:aa" /select
javascript:alert('vulnerable')">
</body>
</html>
utlilizing the select switch consistently produces the same error. There
does not seem to be a way to get Outlook to receive the proper command
string. Is this potential vulnerabiity exploitable? Does anyone have any
suggestions on how to move forward?
thanks,
Clancy
_________________________________________________________________
Persistent heartburn? Check out Digestive Health & Wellness for information
and advice. http://gerd.msn.com/default.asp
 By Date 
By Thread
Current thread:
- Outlook Mailto URL:vulnerabilty clancy carlson (Apr 02)
|
Intro
