Outlook 2002 Continues to Execute Javascript in HTML Email Messages

According to Internet security and privacy consultant Richard M. Smith, a Windows Media Player (WMP) skin file (.wms) can run a script that can force a user's browser to navigate to a potentially harmful Web page. If an HTML message uses an IFRAME element to launch such a .wms file, the Web page would open when the user previews or opens the message. Smith recommends that Microsoft consider all WMP files potentially unsafe because of their ability to run script code. For more information, see the following Web site:

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=4626
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish