Re: PING: Outlook 2003 Spam

From: Spencer, Mark (mspencer_at_EVIDENTDATA.COM)
Date: 06/04/04

  • Next message: Russ: "Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins"
    Date:         Fri, 4 Jun 2004 08:09:39 -0700


    A coworker and I spent much of the day yesterday trying to replicate
    this behavior and we were not able to do so. The only time we can get
    Outlook 2003 to pull anything from our server with this code is when we
    send the email within our own MS Exchange. We've tried multiple
    clients, multiple SMTP servers, and many variations of the code below
    and have not been successful, other than emails sent between Exchange

    I have not seen any other comments on this issue. Is it possible
    Microsoft has already patched Outlook 2003 to only allow this behavior
    when dealing with a trusted zone?


    -----Original Message-----
    From: []
    Sent: Tuesday, May 11, 2004 8:42 AM
    Subject: PING: Outlook 2003 Spam

    Tuesday, May 11, 2004

    Outlook 2003 the premier mail client from the company called 'Microsoft'
    certainly appears to have a lot of security features built into it.
    Cursory examination shows excellent thought into 'spam' containment,
    'security' consideration and many other little 'things'. So much so the
    default rendering of html is in so-called 'restricted zone' which
    disallows nearly everything [frames, iframes, objects, scripting etc.].
    In addition 'special' spam measures are taken to disallow graphic
    downloads from a remote server in html email which can be used to verify

    [screen shot: 40KB]

    The Key Word is: nearly

    Utilising Outlook's own bizarre scheMAH ! which comprises a 'proper'
    frame along with an src pointing to our remote server, we are able to
    ping the server and confirm our recipient has viewed our email. We don't
    require graphics or frames or iframes to do that:

    <v:vmlframe style="LEFT: 50px; WIDTH: 300px; POSITION: relative; TOP: 30px; HEIGHT: 200px"
    src = ""></v:vmlframe>

    v\:* { behavior: url(#default#VML); }
    <XML:NAMESPACE NS="urn:schemas-microsoft-com:vml" PREFIX="v"/> </HEAD>


    1. We now commence our examination of the Microsoft Office 2003 suite,
    we're a bit late, but it has taken all this time to save up to buy the
    thing
    2. Quick 72 hour prodding reveals that this 'perceived' premier
    device known as Outlook 2003 is in fact riddled with holes
    3. Do not receive or open any emails period. Use string and tin cans if you must

    End Call

    NTBugtraq Editor's Note:
    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
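
An added example, not part of the original posts: one way a mail gateway or an analyst could flag the element described above before a message reaches the client. It generalizes from `v:vmlframe` to any namespace-prefixed element with a remote `src`; the function names, the sample message and its hosts are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; all hosts are placeholders.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed test
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><head><style>v\\:* { behavior: url(#default#VML); }</style></head>
<body><p>hello</p>
<v:vmlframe style="WIDTH: 300px" src = "http://collector.example/p?id=42"></v:vmlframe>
<a href="http://www.example.com/">ordinary link, not fetched on render</a>
</body></html>
"""

# Prefixes that make a client contact another host (URL schemes, //host, UNC).
REMOTE = re.compile(r"\s*(https?:|ftp:|//|\\\\)", re.I)

class RemoteSrcFinder(HTMLParser):
    """Collects (tag, url) for namespace-prefixed elements with a remote src."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and keeps the prefix, e.g. "v:vmlframe".
        if ":" not in tag:
            return
        for name, value in attrs:
            if name == "src" and value and REMOTE.match(value):
                self.hits.append((tag, value.strip()))

def find_prefixed_remote_src(raw_message):
    """Return hits from every text/html part of an RFC 822 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteSrcFinder()
            finder.feed(part.get_content())
            finder.close()
            hits.extend(finder.hits)
    return hits
```

A hit is a reason to quarantine or to strip the element, since ordinary HTML mail has no need for namespace-prefixed elements that load remote content.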
