[Full-disclosure] Outlook Express 6.0 : link destination obfuscation



Hello FD readers,

Did anyone already notice that on Outlook Express 6.0, when a link is
longer than 512 bytes, the destination is not displayed at all in the
status bar?

Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on Outlook
2003 Win XP SP2 FR.

Ex:
<a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a>

It could be used in phishing attacks, for example, to hide the real link destination.
Could it be considered a security issue?


Kind regards,
Romain Vergniol

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
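
A mail-filter check for the link pattern described in the post, as an added example that is not part of the original message: it flags anchors whose href exceeds the 512-byte threshold the poster reports, or whose visible text names a different host than the real destination. The names `LinkAuditor`, `audit_links` and `STATUS_BAR_LIMIT` are hypothetical, and the sample input is constructed from the post's own example link.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

STATUS_BAR_LIMIT = 512  # bytes; threshold reported in the post for Outlook Express 6.0
# Visible text that itself looks like a host name or URL, e.g. "www.bank.com"
HOST_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return one finding per link that is over-long or whose text names another host."""
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        href_len = len(href.encode("utf-8"))
        real_host = (urlsplit(href).hostname or "").lower()
        m = HOST_LIKE.match(text)
        shown_host = m.group(1).lower() if m else None
        too_long = href_len > STATUS_BAR_LIMIT
        mismatch = shown_host is not None and shown_host != real_host
        if too_long or mismatch:
            findings.append({"real_host": real_host, "shown_host": shown_host,
                             "href_bytes": href_len, "too_long": too_long, "mismatch": mismatch})
    return findings

# Constructed sample modelled on the post's example link
SAMPLE = '<a href="http://www.exemple.com/' + "x" * 500 + '">www.bank.com</a>'
```
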


