[Full-disclosure] Re: Security issue in Microsoft Outlook

From: Kevin Martin (kevintm_at_ameritech.net)
Date: 05/19/05

  • Next message: M. Moreno: "[Full-disclosure] Re: Security issue in Microsoft Outlook" 
    Date: Thu, 19 May 2005 08:29:44 -0500
To: Bakchodiya <bakchodiya@yahoo.com>

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I must be missing something here. When I create an email with outlook with
    http://www.cybertrion.com> and then arrow back to in front of cybertrion and enter
    http://www.foo-labs.info my url ends up looking like
    http://www.http://www.foo-labs.infocybertrion.com and that is what get's sent and received by the
    recipient. I'm apparently not doing this correctly or maybe it's in the way you have your Outlook
    editing set up.

    Kevin

    Bakchodiya wrote:
    | An issue has been discovered in MS Outlook (All
    | Versions) where anyone can fake a URL & send it
    | across.
    |
    | How does it work:
    |
    | Lets compose an email in MS Outlook, lets type
    |
    |
    | http://www.cybertrion.com & put a space after it to
    | make it a link. Now put your cursor just before
    | cybertrion & type any URL for eg:
    | http://www.foo-labs.info now send it to anyone. The
    | receiver will see the URL as http://www.foo-labs.info
    | but when he clicks on it it will directly take him to
    | http://www.cybertrion.com
    |
    | I am not sure how critical this is but it can fool
    | alot of people & result in download of a virus.
    |
    | For more details and Discovered by:
    | Cybertrion Systems,
    | http://www.cybertrion.com
    |
    |
    |
    | __________________________________
    | Do you Yahoo!?
    | Yahoo! Mail - Find what you need with new enhanced search.
    | http://info.mail.yahoo.com/mail_250
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFCjJTIaXZlxDxYaM4RAk66AKDFKYLZWnJ14OhPbbdtAkQyZcc1CQCg9SXz
    n8AW/b0d7lvoHZbX8qzM9zg=
    =rPud
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: M. Moreno: "[Full-disclosure] Re: Security issue in Microsoft Outlook"

    Relevant Pages

    • my address is a number
      ... I use Outlook express 6.When I send messages to a particular yahoo ... the receiver can see a number instead of ... Please help me fix this if you can. ...
      (microsoft.public.outlook.general)
    • Re: Completely Blank E-mail Messages (should be messages with atta
      ... The sender and receiver are on the same ... Format to HTML. ... PA Bear is assuming that the sender is using Outlook and RTF format ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Clicking on the "SEND MAIL" tab
      ... "Manny Borges" wrote: ... Outlook Express is only a mail client. ... I am going to assume that you use yahoo with the web browser interface. ... FLKulchar ...
      (microsoft.public.windowsxp.general)
    • Re: Clicking on the "SEND MAIL" tab
      ... Outlook Express is only a mail client. ... These links you are talking about are mailto: ... I am going to assume that you use yahoo with the web browser interface. ... Since the basic function of this kind of link calls for a mail app and not a ...
      (microsoft.public.windowsxp.general)
    • Re: How do I download bulk emails to outlook?
      ... Inbox from the web mail interface. ... If you want the messages that Yahoo ... With Outlook closed, ... But I think I have a pop3 access. ...
      (microsoft.public.outlook.installation)