[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200406041714.i54HE6lo015544@web128.megawebservers.com>
Date: Fri, 4 Jun 2004 17:14:06 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: "Spencer, Mark" <mspencer@...dentdata.com>, <1@...ware.com>,
<bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: RE: PING: Outlook 2003 Spam
I think Mark might be onto something both the vml and the copies
of named files in the temp folder no longer appear to occur:
http://www.securityfocus.com/bid/10323
http://www.securityfocus.com/bid/10307
Those notes are dated 10th and 11th May. On the machine they no
longer work on, we have a couple XP so-called 'patches' from
14th May and 17th May with a 3 or 4 office update folders with
files created on 17th May as well.
How's that for service. Quick, silent patching ! No need to
bother anyone ! Well done lads.
[unless of course if our little XP test machines are broken and
we are seeing things]
"Spencer, Mark" <mspencer@...dentdata.com> said:
> Hello,
>
> A coworker and I spent much of the day yesterday trying to
replicate
> this behavior and we were not able to do so. The only time we
can get
> Outlook 2003 to pull anything from our server with this code
is when we
> send the email within our own MS Exchange. We've tried
multiple
> clients, multiple SMTP servers, and many variations of the
code below
> and have not been successful, other than emails sent between
Exchange
> users.
>
> I have not seen any other comments on this issue. Is it
possible
> Microsoft has already patched Outlook 2003 to only allow this
behavior
> when dealing with a trusted zone?
>
> Mark
>
> -----Original Message-----
> From: http-equiv@...ite.com [mailto:1@...ware.com]
> Sent: Tuesday, May 11, 2004 8:42 AM
> To: bugtraq@...urityfocus.com
> Cc: NTBugtraq@...tserv.ntbugtraq.com
> Subject: PING: Outlook 2003 Spam
>
>
>
> Tuesday, May 11, 2004
>
> Outlook 2003 the premier mail client from the company
called 'Microsoft'
> certainly appears to have a lot of security features built
into it.
> Cursory examination shows excellent thought into 'spam'
containment,
> 'security' consideration and many other little 'things'. So
much so the
> default rendering of html is in so-called 'restricted zone'
which
> disallows nearly everything [frames, iframes, objects,
scripting etc.].
> In addition 'special' spam measures are taken to disallow
graphic
> downloads from a remote server in html email which can be used
to verify
> recipients:
>
> [screen shot: http://www.malware.com/duhlook.png 40KB]
>
> The Key Word is: nearly
>
> Utilising Outlook's own bizarre scheMAH ! which comprises
a 'proper'
> frame along with an src pointing to our remote server, we are
able to
> ping the server and confirm our recipient has viewed our
email. We don't
> require graphics or frames or iframes to do that:
>
> <v:vml frame style="LEFT: 50px; WIDTH: 300px; POSITION:
> relative; TOP: 30px; HEIGHT: 200px"
> src = "http://www.malware.com/duh.txt#malware"></v:vmlframe>
>
> <HTML>
> <HEAD>
> <STYLE>
> v\:* { behavior: url(#default#VML); }
> </STYLE>
> <XML:NAMESPACE NS="urn:schemas-microsoft-com:vml" PREFIX="v"/>
</HEAD>
>
>
> Notes:
>
> 1. We now commence our examination of the Microsoft Office
2003 suite,
> we're a bit late, but it has taken all this time to save up to
buy the
> thing 2. Quick 72 hour prodding reveals that this 'perceived'
premier
> device known as Outlook 2003 is in fact riddled with holes 3.
Do not
> receive or open any emails period. Use string and tin cans if
you must
> communicate
>
>
>
> End Call
>
>
> --
> http://www.malware.com
>
>
>
>
>
>
--
http://www.malware.com
Powered by blists - more mailing lists