[31053] in bugtraq
Notepad popups in Internet Explorer and Outlook
daemon@ATHENA.MIT.EDU (Richard M. Smith)
Tue Aug 5 18:30:43 2003
From: "Richard M. Smith" <rms@computerbytesman.com>
To: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ@securityfocus.com>
Date: Mon, 4 Aug 2003 14:57:47 -0400
Message-ID: <007401c35aba$0c85fb70$550ffea9@rms>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Envelope-To: rms@computerbytesman.com
Hi,
Do Notepad popups represent a security risk or are they simply another
way for spammers and marketers to annoy us? Because of a design flaw in
Internet Explorer, Notepad popup windows can be displayed from an HTML
email message or Web page regardless of browser security settings. In
addition, Notepad popups can access files on a hard disk, possibilly
causing stability problems in a Windows saystem.
For more details, see:
http://www.computerbytesman.com/security/notepadpopups.htm
Question: What kind of operating system allows an email message to
automatically start up a text editor to change a system file?
Richard M. Smith
http://www.ComputerBytesMan.com
