lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: JThomas at poweronemedia.com (Joshua Thomas)
Subject: HTML FORMATED MAIL ( ie - oe - html ) bgsou
	nd local file - ding?

Do you have an exploit example for this that is anything other than just an
annoyance?

Joshua Thomas
Network Operations Engineer
PowerOne Media, Inc.
tel: 518-687-6143
jthomas@...eronemedia.com 
-----Original Message-----
From: morning_wood [mailto:se_cur_ity@...mail.com]
Sent: Monday, August 04, 2003 7:55 PM
To: incidents@...urityfocus.com; 0day; full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] HTML FORMATED MAIL ( ie - oe - html ) bgsound
local file - ding?


ding ding ding <--- its a local file
this should work reading FROM hotmail as well or any web ( html ) based
mail reader ( i think ) 
the tag <BGSOUND> carries many optopns as well, and referenced at
http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/bgsound.as
p
this is calling c:\windows\media\ding.wav ( 9x / XP ) and
c:\winnt\media\ding.wav
this affects Microsft Win9x / NT / 2K / XP / 200? is this an annoyance or
bug? 
Donnie Werner
morning_wood@...labs.com
http://e2-labs.com 
 view this online at http://exploit.philez.com/ding.htm
 t'nks buRdeN fer the test'n 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030804/018a062c/attachment.html

Powered by blists - more mailing lists