[Full-disclosure] RE: Security issue in Microsoft Outlook

From: Keenan Smith (kc_smith_at_clark.net)
Date: 05/23/05

  • Next message: Sune Kloppenborg Jeppesen: "[Full-disclosure] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities" 
    To: "'Bakchodiya'" <bakchodiya@yahoo.com>, <bugtraq@securityfocus.com>
Date: Mon, 23 May 2005 13:46:21 -0400

    I was not able to duplicate this.

    Typing over the existing URL replaced both the displayed and link text.

    Could anyone else duplicate?

    Keenan

    -----Original Message-----
    From: Bakchodiya [mailto:bakchodiya@yahoo.com]
    Sent: Wednesday, May 18, 2005 4:28 PM
    To: bugtraq@securityfocus.com
    Cc: full-disclosure@lists.grok.org.uk
    Subject: Security issue in Microsoft Outlook

    An issue has been discovered in MS Outlook (All
    Versions) where anyone can fake a URL & send it
    across.

    How does it work:

    Lets compose an email in MS Outlook, lets type

    http://www.cybertrion.com & put a space after it to
    make it a link. Now put your cursor just before
    cybertrion & type any URL for eg:
    http://www.foo-labs.info now send it to anyone. The
    receiver will see the URL as http://www.foo-labs.info
    but when he clicks on it it will directly take him to
    http://www.cybertrion.com

    I am not sure how critical this is but it can fool
    alot of people & result in download of a virus.

    For more details and Discovered by:
    Cybertrion Systems,
    http://www.cybertrion.com

                    
    __________________________________
    Do you Yahoo!?
    Yahoo! Mail - Find what you need with new enhanced search.
    http://info.mail.yahoo.com/mail_250

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Sune Kloppenborg Jeppesen: "[Full-disclosure] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities"

    Relevant Pages