There is an easy way to open a web page using and email client using HTML parsing ... simply put in the <head> tag <meta http-equiv="REFRESH" content="0;URL=http://www.yourpagehere.com"> -Rishi Marc Slemko wrote: > Also note that if there is any way to get Outlook Express to open a new IE > window with a document in automatically when it loads an email, then you > would be vulnerable if you only disabled scripting, etc. for mail and not > for "normal" web access. Is there a way to do this? I don't know of any. > But again, things are complex enough that I'm quite unwilling to say there > is no way to do it. > > So while disabling all the "features" that you can when reading HTML mail > is definitely recommended and protects you against a lot of attacks, it is > not a complete solution. I seriously doubt that all the ways of > exploiting this issue without using scripting languages have been > discovered. > > Not that I have seen anyone publicly posting exploits that do things in > any of these ways (or any other way...), which I find odd, since there are > lots of vulnerable sites out there, and some vulnerabilities that are > pretty serious. >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:45 PDT