[12492] in bugtraq


Re: MS Outlook alert : Cuartango Active Setup

daemon@ATHENA.MIT.EDU (Bronek Kozicki)
Tue Nov 9 11:57:36 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <001501bf2ab2$30f7ba70$fac9a8c0@poland.wpi>
Date:         Tue, 9 Nov 1999 13:59:00 +0100
Reply-To: Bronek Kozicki <bronek@WPI.COM.PL>
From: Bronek Kozicki <bronek@WPI.COM.PL>
X-To:         BugTraq Mailing List <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991108115405.A11777@securityfocus.com>

As far as I understand, this security hole will work when the user double-clicks
a supposedly innocent attachment, expecting that some well-known program
(e.g. notepad.exe) will open it, is that right? So it will work only when the user
is opening an attachment, am I right?

Now I'm trying to imagine a similar scenario, but one working just when the email is
opened - without opening its attachments. Let's imagine an email in HTML
format, with online pictures. Pictures are saved to some temp directory on disk
when the email is opened, and then displayed in the email window (e.g.
background image). If (and this is the "IF") active script included in the
HTML email were to access these files on disk, is it possible to execute the
same "Active Setup" actions on them? This would allow executing email
attachments "masked" as GIF or JPG pictures put in HTML mail, just when the
email is opened. "Good Times" goes real?

It's just an idea - for Juan Cuartango or Georgi Guninski or anybody else
willing to verify it ...

Bronek Kozicki


PS sorry for my poor English
