RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols
Date: Sat Jul 10 2004 - 22:01:56 EDT
GO> Micro$opht IE (on XPee only) launches messenger by callto:gates or
GO> outlook by outlook:calendar protocols
>>Is there anything you can do to Outlook that way, or will it just open?
Here's the documentation on the outlook: scheme:
http://office.microsoft.com/assistance/preview.aspx?AssetID=HP052428041033&CTT=8&Origin=
EC011081751033&Product=out2003
Here's a link to it that won't be broken up by your mail client:
http://tinyurl.com/2m2cp
I've tried this in a bunch of ways and what it does is to open up Outlook to the
appropriate location. If you load it from an IFRAME the frame is empty with a syntax
error. I'm also really curious how this could be exploited.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@ziffdavis.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sat Jul 10 23:11:09 2004
This archive was generated by hypermail 2.1.8 : Sun Jul 11 2004 - 00:02:42 EDT
