List: bugtraq
Subject: Minor privacy exploit in Outlook Express
From: "1nternal () geocities ! com" <1nternal () MY-DEJANEWS ! COM>
Date: 1999-04-26 12:07:19
Outlook Express uses HTML to display certain information in the 'Outlook Today' type part of Outlook Express, i.e., the number of unread messages in your inbox, etc.

Because it is considered to be in the 'internet zone', this information needs to be safely scriptable, thus it can be accessed by any site in this zone. This allows for a possible (although admittedly minor) privacy and possibly security problem.

The 'problem' lies in the 'OutlookExpress.MessageList' ActiveX control, which is marked safe for scripting. It allows for counting the number of messages in any folder within Outlook Express, as well as the number of unread items and a few other things, such as setting options; however, the options are set for that instance only and are not saved.

An example of viewing the number of messages in a folder, as well as previewing the message (creating the file 'C:\oe_prev$.eml' without the user's permission). It should be noted that this preview message is not accessible remotely (without an exploit).

<script language="VBSCRIPT"><!--
set MsgList = CreateObject("OutlookExpress.MessageList")
MsgList.Folder = 6
msgbox(MsgList.Count)
location.href = MsgList.PreviewMessage
--></script>

Obviously, this could also be done in JavaScript; however, it would still require ActiveX support and OE5.

1nternal@my-dejanews.com
-----== Sent via Deja News, The Discussion Network ==-----
http://www.dejanews.com/ Easy access to 50,000+ discussion forums
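
Added example, not part of the original post: a PowerShell check a defender could run to see whether the control behind the 'OutlookExpress.MessageList' ProgID is registered as safe for scripting and whether an Internet Explorer kill bit blocks it. The function name is hypothetical; the registry keys and category IDs are the standard COM / Internet Explorer ones, not values taken from the post.

```powershell
# Added example: audit how the ActiveX control behind a ProgID is exposed to script.
# Get-ActiveXScriptExposure is a hypothetical helper name.
function Get-ActiveXScriptExposure {
    param([Parameter(Mandatory)][string]$ProgId)

    $catSafeScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4EBE}'  # CATID_SafeForScripting
    $catSafeInit      = '{7DD95802-9882-11CF-9FA9-00AA006C4EBE}'  # CATID_SafeForInitializing
    $killBit          = 0x400                                      # COMPAT_EVIL_DONT_LOAD

    # Resolve ProgID -> CLSID through the default value of HKCR\<ProgID>\CLSID.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid = (Get-Item -LiteralPath $clsidKey).GetValue('')

    $catRoot = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Implemented Categories"
    $compat  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer' +
               "\ActiveX Compatibility\$clsid"

    # Read the kill bit, if an ActiveX Compatibility entry exists for this CLSID.
    $flags = 0
    if (Test-Path -LiteralPath $compat) {
        $value = (Get-Item -LiteralPath $compat).GetValue('Compatibility Flags')
        if ($null -ne $value) { $flags = [int]$value }
    }

    # Note: a control can also assert safety at run time through IObjectSafety,
    # so SafeForScripting = False here does not prove it is unscriptable.
    [pscustomobject]@{
        ProgId           = $ProgId
        Registered       = $true
        Clsid            = $clsid
        SafeForScripting = (Test-Path -LiteralPath "$catRoot\$catSafeScripting")
        SafeForInit      = (Test-Path -LiteralPath "$catRoot\$catSafeInit")
        KillBitSet       = (($flags -band $killBit) -ne 0)
    }
}

Get-ActiveXScriptExposure -ProgId 'OutlookExpress.MessageList'
```

A result with SafeForScripting = True and KillBitSet = False means web content in a zone that permits safe-for-scripting controls can instantiate the control, as in the post's script.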