<!-- Outlook 2000 and 2003 allow execution of remote web pages specified within the data property of OBJECT tags when there is no closing /OBJECT --> This reminds me of something I saw the other day. The following and a variety of variations will work in Outlook Express [probably IE as well]: <BODY> <img <div src="http://www.malware.com/images/mwheader.gif"; /div> </BODY></HTML></OBJECT></BODY></HTML> It hasn't been thoroughly explored but for filtering of html email it might prove interesting. note: it cannot be sent from Outlook Express as it will correct the tags. Use something else. It was originally noticed in IE like so: <iframe src=http://www.malware.com <img> -- http://www.malware.com
![http://www.malware.com/images/mwheader.gif"](http://www.malware.com/images/mwheader.gif"){kind=link}
