Re: [Full-disclosure] Re: Security issue in Microsoft Outlook

From: Joachim Schipper (j.schipper_at_math.uu.nl)
Date: 05/19/05

  • Next message: Daniel: "Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability" 
    Date: Thu, 19 May 2005 15:57:33 +0200
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk

    On Wed, May 18, 2005 at 10:07:54PM -0700, Harshad wrote:
    > This issue was originally discovered by Harry from http://
    > www.securityalertz.com & http://www.Harry-Inc.com The article is stolen from
    > http://www.securityalertz.com/Article805.html posted on May 06 2005
    > ..Lol....the poser below copies most of the articles from Securityalertz on his
    > so called security sites claiming them to be his....
    >
    > Bakchodiya <bakchodiya@yahoo.com> wrote:
    >
    > An issue has been discovered in MS Outlook (All
    > Versions) where anyone can fake a URL & send it
    > across.
    >
    > How does it work:
    >
    > Lets compose an email in MS Outlook, lets type
    >
    >
    > http://www.cybertrion.com & put a space after it to
    > make it a link. Now put your cursor just before
    > cybertrion & type any URL for eg:
    > http://www.foo-labs.info now send it to anyone. The
    > receiver will see the URL as http://www.foo-labs.info
    > but when he clicks on it it will directly take him to
    > http://www.cybertrion.com
    >
    > I am not sure how critical this is but it can fool
    > alot of people & result in download of a virus.

    Erm... do you *want* to admit to 'discovering' this? ;-)

                    Joachim

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Daniel: "Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability"