Full Disclosure mailing list archives
Re: RE: Security issue in Microsoft Outlook
From: Dan Margolis <lists.fd.dmargoli () af0 net>
Date: Mon, 23 May 2005 17:55:43 -0400
On Mon, May 23, 2005 at 01:25:35PM -0700, David Cleveland wrote:
I was able to duplicate. After creating the url link, I put the cursor right after the 'www.' And typed in the 'foo-labs.info'. Then I delete everything after 'info' and sent it. The link read foo-labs and went to cybertrion.
After much trials and tribulations, I was able to replicate this. And you know what? IT'S THE EXACT SAME RESULT AS IF SOMEONE HAD CLICKED "EDIT" AND CHANGED THE URL! So, what this means is that there is a "bug" in Outlook by which one can, if one has not clicked off the link since creating it, create a link, alter it, and not have the target altered to the new URL. I say "bug" in quotes because what presumably is going on is the function that updates the target is not called, leaving the old target in there. Is this a security risk? NO! The reporter is a troll or a moron! Since my prior sarcasm was apparently lost on some readers, THIS IS A FEATURE OF HTML! Links can point to other places than the text in between the link tags! If they couldn't, there'd be no point to having links! If you have a problem with this, go back to using Gopher--or better yet, stop using the Internet. We'll all miss your valuable input. Once and for all: THIS IS NOT A VULNERABILITY. Now, can we all let this stupid thread die? Thanks and have a great day. :) -- Dan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security issue in Microsoft Outlook, (continued)
- Re: Security issue in Microsoft Outlook Harshad (May 19)
- Re: Re: Security issue in Microsoft Outlook Joachim Schipper (May 19)
- RE: Security issue in Microsoft Outlook Steve Bostedor (May 19)
- Re: Security issue in Microsoft Outlook M. Moreno (May 19)
- RE: Security issue in Microsoft Outlook Patch Now (May 19)
- RE: Security issue in Microsoft Outlook David Corn (May 20)
- RE: Security issue in Microsoft Outlook David Corn (May 20)
- Re: RE: Security issue in Microsoft Outlook Colin (May 21)
- Re: RE: Security issue in Microsoft Outlook Valdis . Kletnieks (May 21)
- Re: RE: Security issue in Microsoft Outlook Colin (May 21)
- RE: RE: Security issue in Microsoft Outlook David Cleveland (May 23)
- Re: RE: Security issue in Microsoft Outlook Dan Margolis (May 23)
- Re: Security issue in Microsoft Outlook Harshad (May 19)