Re: Outlook Mailto URL:vulnerability

From: Seamus Grimes (shamusgrimesyahoo.com)
Date: Sun Apr 04 2004 - 07:16:58 CDT

Clancy,

  I understand your problem. I've been working on building a proof of concept for our pen test scripts, but haven't had any luck with it yet. I talked to the developer of the original proof of concept; he's only gotten it working on Windows 98 with Outlook Express. I'll keep you updated if I find anything.

Seamus

>From: "clancy carlson" <clancy_carlsonhotmail.com>
>To: vuln-devsecurityfocus.com
>Subject: Outlook Mailto URL:vulnerability
>Date: Fri, 02 Apr 2004 09:17:45 -0500
>
>All,
>I have been trying to write an exploit for the Outlook Mailto URL
>vulnerability, but have been unsuccessful up to this point. I have tried on
>both a Windows 2000 and a Windows XP machine using Outlook 2002. All of the
>proof of concept codes and other documentation do not seem to work.
>I consistently receive an error of invalid switch parameter when attempting
>to use
>
><html>
>
><body>
><!-- This is the exploit string. -->
><img src="mailto:aa&quot; /select
>javascript:alert('vulnerable')">
></body>
></html>
>
>Utilizing the select switch consistently produces the same error. There
>does not seem to be a way to get Outlook to receive the proper command
>string. Is this potential vulnerability exploitable? Does anyone have any
>suggestions on how to move forward?
>
>thanks,
>
>Clancy
>