[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols
- To: <partysan_FFF@xxxxxxx>, "'Good One'" <labaiss2003@xxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols
- From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
- Date: Sat, 10 Jul 2004 22:01:56 -0400
GO> Micro$opht IE (on XPee only) launches messenger by callto:gates or
GO> outlook by outlook:calendar protocols
>>Is there anything you can do to Outlook that way, or will it just open?
Here's the documentation on the outlook: scheme:
http://office.microsoft.com/assistance/preview.aspx?AssetID=HP052428041033&CTT=8&Origin=
EC011081751033&Product=out2003
Here's a link to it that won't be broken up by your mail client:
http://tinyurl.com/2m2cp
I've tried this in a bunch of ways and what it does is to open up Outlook to the
appropriate location. If you load it from an IFRAME the frame is empty with a
syntax
error. I'm also really curious how this could be exploited.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html