[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Outlook Mailto URL:vulnerabilty



All,
I have been trying to write an exploit for the Outlook Mailto URL vulnerability, but have been unsuccesfull up to this point. I have tried on both and windows 2000 and windows XP machine using Outlook 2002. All of the proof of concept codes and other documentation does not seemt o work. I consistently receive an error of invalid switch parameter when attempting to use<html>

<body>
<!-- This is the exploit string. -->
<img src="mailto:aa&quot; /select
javascript:alert('vulnerable')">
</body>
</html>

utlilizing the select switch consistently produces the same error. There does not seem to be a way to get Outlook to receive the proper command string. Is this potential vulnerabiity exploitable? Does anyone have any suggestions on how to move forward?

thanks,

Clancy

_________________________________________________________________
Persistent heartburn? Check out Digestive Health & Wellness for information and advice. http://gerd.msn.com/default.asp