[Full-disclosure] Re: Security issue in Microsoft Outlook

From: Harshad (harshad_at_yahoo.com)
Date: 05/19/05

  • Next message: Seguridad en Computo - UNAM: "[Full-disclosure] !! Conference Program Computer Security Mexico 2005 !!"
    Date: Wed, 18 May 2005 22:07:54 -0700 (PDT)
    To: bugtraq@securityfocus.com
    
    
    

    This issue was originally discovered by Harry from http://www.securityalertz.com & http://www.Harry-Inc.com The article is stolen from http://www.securityalertz.com/Article805.html posted on May 06 2005 ..Lol....the poser below copies most of the articles from Securityalertz on his so called security sites claiming them to be his....

    Bakchodiya <bakchodiya@yahoo.com> wrote:An issue has been discovered in MS Outlook (All
    Versions) where anyone can fake a URL & send it
    across.

    How does it work:

    Lets compose an email in MS Outlook, lets type

    http://www.cybertrion.com & put a space after it to
    make it a link. Now put your cursor just before
    cybertrion & type any URL for eg:
    http://www.foo-labs.info now send it to anyone. The
    receiver will see the URL as http://www.foo-labs.info
    but when he clicks on it it will directly take him to
    http://www.cybertrion.com

    I am not sure how critical this is but it can fool
    alot of people & result in download of a virus.

    For more details and Discovered by:
    Cybertrion Systems,
    http://www.cybertrion.com

    __________________________________
    Do you Yahoo!?
    Yahoo! Mail - Find what you need with new enhanced search.
    http://info.mail.yahoo.com/mail_250

                    
    ---------------------------------
    Yahoo! Mail
     Stay connected, organized, and protected. Take the tour

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Seguridad en Computo - UNAM: "[Full-disclosure] !! Conference Program Computer Security Mexico 2005 !!"

    Relevant Pages

    • Re: Clicking on the "SEND MAIL" tab
      ... "Manny Borges" wrote: ... Outlook Express is only a mail client. ... I am going to assume that you use yahoo with the web browser interface. ... FLKulchar ...
      (microsoft.public.windowsxp.general)
    • Re: Clicking on the "SEND MAIL" tab
      ... Outlook Express is only a mail client. ... These links you are talking about are mailto: ... I am going to assume that you use yahoo with the web browser interface. ... Since the basic function of this kind of link calls for a mail app and not a ...
      (microsoft.public.windowsxp.general)
    • Re: How do I download bulk emails to outlook?
      ... Inbox from the web mail interface. ... If you want the messages that Yahoo ... With Outlook closed, ... But I think I have a pop3 access. ...
      (microsoft.public.outlook.installation)
    • Move e-mails back to Yahoo from Outlook
      ... I have the same problem with my emails transferred from Yahoo account. ... Move e-mails back to Yahoo from Outlook ... I am running Windows Vista and Outlook 2007. ...
      (microsoft.public.outlook.general)
    • Re: Autodiscover with two domains - confusing!
      ... to authenticate to conglomerate.com when running Outlook 2007. ... Within the same AD forest? ... Let's say Microsoft buys Yahoo, and makes the decision that all former ...
      (microsoft.public.exchange.admin)