Bugtraq mailing list archives
Re: HTML email "bug", of sorts.
From: thomas.rowe () bankofamerica com
Date: Sat, 18 Aug 2001 23:10:36 -0400
Alex Prestin wrote: snip
See it? A web bug. If I opened this mail in an HTML-capable browser, that little image would've popped up and I would've been none the wiser. My address would also have been verified by the sender, and stored in a large database of valid recipients.
snip And if you were running WinNT 4 and that referrer pointed to a server advertising a share, NT would send your username and password to try to log you on without your knowledge. It could be grabbed and sent back to your machine, logon, and the atttacker would have all rights to your machince and network that the ID you're using has. (as I've mentioned before, MS has known about this hole since before SP2) Cheers Thomas Rowe Systems Engineer, LDI Bank of America Atlanta, GA
Current thread:
- Re: HTML email "bug", of sorts. thomas . rowe (Aug 19)
- Re: HTML email "bug", of sorts. Thor (Aug 19)
- RE: HTML email "bug", of sorts. David LeBlanc (Aug 20)
- <Possible follow-ups>
- Re: HTML email "bug", of sorts. james_kelley (Aug 19)
- Re: HTML email "bug", of sorts. Alex Prestin (Aug 19)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re[2]: HTML email "bug", of sorts. Mark Tinberg (Aug 20)
- Re: HTML email "bug", of sorts. Peter W (Aug 21)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re: HTML email "bug", of sorts. Bear Giles (Aug 20)
- Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)
- Re: HTML email "bug", of sorts. Curt Sampson (Aug 21)