| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue May 24 00:30:06 2005 From: lists.fd.dmargoli at af0.net (Dan Margolis) Subject: RE: Security issue in Microsoft Outlook On Mon, May 23, 2005 at 01:25:35PM -0700, David Cleveland wrote: > I was able to duplicate. After creating the url link, I put the cursor > right after the 'www.' And typed in the 'foo-labs.info'. Then I delete > everything after 'info' and sent it. The link read foo-labs and went to > cybertrion. After much trials and tribulations, I was able to replicate this. And you know what? IT'S THE EXACT SAME RESULT AS IF SOMEONE HAD CLICKED "EDIT" AND CHANGED THE URL! So, what this means is that there is a "bug" in Outlook by which one can, if one has not clicked off the link since creating it, create a link, alter it, and not have the target altered to the new URL. I say "bug" in quotes because what presumably is going on is the function that updates the target is not called, leaving the old target in there. Is this a security risk? NO! The reporter is a troll or a moron! Since my prior sarcasm was apparently lost on some readers, THIS IS A FEATURE OF HTML! Links can point to other places than the text in between the link tags! If they couldn't, there'd be no point to having links! If you have a problem with this, go back to using Gopher--or better yet, stop using the Internet. We'll all miss your valuable input. Once and for all: THIS IS NOT A VULNERABILITY. Now, can we all let this stupid thread die? Thanks and have a great day. :) -- Dan
Powered by blists - more mailing lists