BugTraq
TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 25 2003 05:42PM
http-equiv@excite.com (1 malware com) (2 replies)
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 28 2003 08:00AM
Fabio Pietrosanti (naif) (fabio pietrosanti it)
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 25 2003 06:35PM
Denis Jedig (seclists syneticon de) (3 replies)
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 28 2003 09:02AM
pre (pre geekgang co uk)
Quoting Denis Jedig <seclists (at) syneticon (dot) de [email concealed]>:

> http-equiv (at) excite (dot) com [email concealed] wrote:
> > Content-Type: text/plain;
> > [...]
> > <img dynsrc=javascript:alert()><font color=red>foo
> >
> > The above is a legitimate RFC822 mail message in plain text.
> > Ordinarily one would require an html mail message [Content-Type:
> > text/html;] to parse html and scripting.
>
> Internet Explorer seems to take no offense on Content-Types either -
> text/plain from a web server is happily rendered as HTML, if it contains
> valid tags.
>

Yes, it's a well known security hole that Microsoft has refused or is unable to fix.

I (and others) have reported this issue over the last few years. MS acknowledge
the problem but will not fix it.

Advisory at: http://www.geekgang.co.uk/adv/gsa2002-01.txt

I recommend against using IE and Outlook in any kind of sensitive environment.

.pre

[ reply ]
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 27 2003 10:13AM
Stephen Cope (mail nonsense kimihia org nz) (1 replies)
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 29 2003 08:53AM
pre (pre geekgang co uk)
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS") Jul 26 2003 02:59AM
Kee Hinckley (nazgul somewhere com)


 

Privacy Statement
Copyright 2010, SecurityFocus