Open Source and information security mailing list archives
Date: Fri, 9 Jul 2004 18:13:48 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: Microsoft Word Email Object Data Vulnerability

<!-- Outlook 2000 and 2003 allow execution of remote web pages specified within the data property of OBJECT tags when there is no closing /OBJECT -->

This reminds me of something I saw the other day. The following and a variety of variations will work in Outlook Express [probably IE as well]:

<BODY> <img <div src="http://www.malware.com/images/mwheader.gif" /div> </BODY></HTML></OBJECT></BODY></HTML>

It hasn't been thoroughly explored but for filtering of HTML email it might prove interesting.

Note: it cannot be sent from Outlook Express as it will correct the tags. Use something else.

It was originally noticed in IE like so:

<iframe src=http://www.malware.com <img>

--
http://www.malware.com
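
For the HTML email filtering angle raised in the message above, a small scanner that flags any tag opened before the enclosing tag has been closed by `>`. This is an added example, not part of the original post or of any mail filter's code; the function name, the sample labels and the well-formed control input are assumptions made here, while the two malformed inputs are the snippets quoted in the message.

```python
import re

# Start of a tag: '<' or '</' followed by a tag name.
TAG_OPEN = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)")

# The two malformed snippets quoted in the message, plus a constructed control.
SAMPLES = {
    "oe_img_div": '<BODY> <img <div src="http://www.malware.com/images/mwheader.gif"'
                  ' /div> </BODY></HTML></OBJECT></BODY></HTML>',
    "ie_iframe": "<iframe src=http://www.malware.com <img>",
    "control": '<body><img src="http://www.example.com/a.gif" alt="a <b> c"> 1 < 2</body>',
}

def find_nested_tag_opens(html):
    """Return [(outer, inner, offset)] for each tag that starts inside another
    tag whose closing '>' has not been seen. Quoted attribute values are skipped."""
    findings = []
    outer = None   # name of the tag we are currently inside, if any
    quote = None   # active quote character of an attribute value
    prev = ""      # last non-whitespace character seen inside the tag
    i = 0
    while i < len(html):
        ch = html[i]
        if outer is None:
            m = TAG_OPEN.match(html, i)
            if m:
                outer, prev, i = m.group(1).lower(), "", m.end()
                continue
        elif quote:
            if ch == quote:
                quote = None
        elif ch in "\"'" and prev == "=":
            quote = ch          # only a quote right after '=' opens a value
        elif ch == ">":
            outer = None
        else:
            m = TAG_OPEN.match(html, i)
            if m:               # a new tag begins before the outer one ended
                findings.append((outer, m.group(1).lower(), i))
        if not ch.isspace():
            prev = ch
        i += 1
    return findings

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(label, find_nested_tag_opens(html))
```

A filter can treat a non-empty result as a reason to quarantine or re-serialize the message, since its own view of which tag owns the `src` attribute may differ from the mail client's.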