Vulnerability Development mailing list archives
Re: Outlook HTML VBS (demo)
From: jtb () ATEI COM (Jason Brown)
Date: Sun, 21 May 2000 20:58:02 -0500
This popup showed up on my Netscape Messenger (4.73) when I clicked on the email (not even an attachment, just opening the email) yet when I checked the security info regarding the javascript security it says "No applet or script is allowed to access your computer or network without your permission. ". Does that mean my Netscape Messenger is vulnerable to malign javascripts too or is there something I am missing here? Jason Brown jtb () atei com Masial wrote:
The easy way is to build the HTML in notepad with the scripts in it then open the html doc with Word and send the eMail using the little eMail button in word. As you can see, this eMail message would pop a box on a vulnerable outlook and not on those who dont allow scripting. The only function in this demo is an alert() box but it could be pretty much anything. M.-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Joerg Weber Sent: Sunday, May 21, 2000 12:28 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Outlook, HTML & VBS BB, Everyone, this certainly is a lame question but Outlook isn't exactly myspeciality:) I'm trying to embedd a script into a mail that pops up a MsgBoxtellingthe user (s)he is vulnerable to vbs-scripting virii. Now, attachingthisis sorta lame. So I'm trying to have Outlook execute the script whenthemessage is read. Could someone explain how you create arbitrary HTML code so Outlook renders/executes it? I've that far just been able to use Outlooksbuild-informating features. Thanks everyone! Joerg
Current thread:
- Re: Outlook HTML VBS (demo) Masial (May 21)
- Re: Outlook HTML VBS (demo) Jason Brown (May 21)
- Re: Outlook HTML VBS (demo) Blue Boar (May 21)
- Re: Outlook HTML VBS (demo) PCbob - Slobodan miskoviC (May 21)
- Vs: Re: Outlook HTML VBS (demo) Marko Ernvall (May 22)
- Re: Outlook HTML VBS (demo) Bluefish (May 22)
- Re: Outlook HTML VBS (demo) PCbob - Slobodan miskoviC (May 21)
- <Possible follow-ups>
- Re: Outlook HTML VBS (demo) Hull, Dave (May 22)
- Re: Outlook HTML VBS (demo) Hull, Dave (May 22)
- Windows DoS code (jolt2.c) Phonix Monkey (May 25)
- Re: Windows DoS code (jolt2.c) Matthew S. Hallacy (May 27)
- Re: Windows DoS code (jolt2.c) Brian S. DuRoss (May 27)
- Re: Windows DoS code (jolt2.c) Matthew S. Hallacy (May 27)
- Windows DoS code (jolt2.c) Phonix Monkey (May 25)