Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-23 Thread Dan Margolis
On Mon, May 23, 2005 at 01:25:35PM -0700, David Cleveland wrote:
> I was able to duplicate. After creating the URL link, I put the cursor
> right after the 'www.' and typed in the 'foo-labs.info'. Then I deleted
> everything after 'info' and sent it. The link read foo-labs and went to
> cybertrio

RE: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-23 Thread David Cleveland
went to cybertrion.
-David
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Micheal Espinola Jr
Sent: Monday, May 23, 2005 1:13 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] RE: Security issue in Microsoft Outlook
I was not able

Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-23 Thread Micheal Espinola Jr
I was not able to duplicate this with Outlook 2003. Both URLs were visible, only the cybertrion URL was hotlinked, with no space in between the two. i.e.: http://www.foo-labs.infohttp://www.cybertrion.com
On 5/23/05, Keenan Smith <[EMAIL PROTECTED]> wrote:
> I was not able to duplicate this.
>

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-23 Thread Keenan Smith
I was not able to duplicate this. Typing over the existing URL replaced both the displayed and link text. Could anyone else duplicate?
Keenan
-----Original Message-----
From: Bakchodiya [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 18, 2005 4:28 PM
To: bugtraq@securityfocus.com
Cc: full-dis

Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-21 Thread Valdis . Kletnieks
On Sat, 21 May 2005 23:03:01 BST, Colin said:
> how come the troll threads are always the longest?
It's springtime, and the trolls are looking for mates. The troll with the longest is most likely to reproduce. Check the list archives in a few months - if any of the trolls snag a mate, in a few mo

Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-21 Thread Colin
how come the troll threads are always the longest? :)
C
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-20 Thread David Corn
That's exactly what I said earlier. The thing is this is NOT Outlook specific, ANY program that allows HTML is subject to this. fake name This is far from a security risk, HTML is a feature not a bug.
David Corn
Security Consultant
Covetrix, IT Consulting Group
http://www.covetrix.com
Phone: 21

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-20 Thread David Corn
This can fool people but it's not a bug in my opinion. It's the same as <a href=http://google.com>http://yahoo.com</a> You can also achieve this by typing a URL and right clicking it then by clicking edit hyperlink, then you can change the values to mask it. So this is not a bug just a feature that can

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-19 Thread Patch Now
This is very unclear. Which version of Outlook? Plain text, HTML, or Rich text? Fully patched? I've tried it using Outlook 2002 with plain text and with HTML and I always end up getting emails that look like: http://www.http://www.foo-labs.infocybertrion.com
Gary Love
-----Original Message-----
F

Re: [Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Joachim Schipper
On Wed, May 18, 2005 at 10:07:54PM -0700, Harshad wrote:
> This issue was originally discovered by Harry from http://
> www.securityalertz.com & http://www.Harry-Inc.com The article is stolen from
> http://www.securityalertz.com/Article805.html posted on May 06 2005
> ..Lolthe poser below copie

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread M. Moreno
I could not reproduce this using Outlook 2000 (9.0.0.2711). FYI
--- Bakchodiya <[EMAIL PROTECTED]> wrote:
> An issue has been discovered in MS Outlook (All
> Versions) where anyone can fake a URL & send it
> across.
>
> How does it work:
>
> Let's compose an email in MS Outlook, let's type
>
>
>

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Kevin Martin
I must be missing something here. When I create an email with outlook with http://www.cybertrion.com and then arrow back to in front of cybertrion and enter http://www.foo-labs.info my url ends up looking like http://www.http://www.foo-labs.infocybert

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-19 Thread Steve Bostedor
Doesn't seem to be a problem in Outlook 2003. I made one for http://www.vncscan.com and then followed your instructions to change it to www.hackme.com and it still went to hackme.com.
- Steve Bostedor
http://www.vncscan.com
The Real VNC Manager
> -----Original Message-----
> From: Bakchodiya [

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Jens Becker
you can also do it with HTML. eg. <a href="http://www.cybertrion.com">http://www.foo-labs.info</a> and in addition u can change the text which is shown when the cursor is over the link: <a href="http://www.cybertrion.com" alt="http://www.foo-labs.info">http://www.foo-labs.info</a> Sorry for my bad English.
On 5/18/05, B

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Harshad
This issue was originally discovered by Harry from http://www.securityalertz.com & http://www.Harry-Inc.com The article is stolen from http://www.securityalertz.com/Article805.html posted on May 06 2005 ..Lolthe poser below copies most of the articles from Securityalertz on his so called securi

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-19 Thread Simon Dever
Microsoft Outlook uses HTML to display its messages, this is just a feature of that. No different than setting up link redirection and hiding the ultimate destination on a webpage. Additionally it is similar to having the alternate text, address and extra info about a link modified in the status

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Tom Gallagher
How is this any different than having the text of a link say something other than the URL? This is possible in HTML (in any application) and Microsoft Office applications. For example, go into Word and type "some text" then highlight it, and press Ctrl+K. Then type in the URL you want. This is n

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-19 Thread Jesse Morgan
You can also do that by adjusting the properties of the link. In the same way you can take any text and make it into a link. If you view mail in plain text only then it won't affect you. The link text/actual url is an HTML anchor tag: text you see Bak

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-19 Thread Scovetta, Michael V
Sorry to shoot you down, but this isn't a security issue at all. You can do the same thing by typing some text, highlighting it, right-clicking, clicking Hyperlink, and typing an address. On the receiving end, the client will get: <a href="http://www.foo-labs.info">http://www.cybertrion.com</a> which is perf

[Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-19 Thread Domingos Bruges
Outlook does that when composing an email in HTML format, where you can have any name associated to a link with a tag. The example you give is something like <a href="http://www.cybertrion.com">http://www.foo-labs.info</a>
Regards,
--
Domingos Bruges
-----Original Message-----
From: Bakchodiya [mailto:[EM

[Full-disclosure] Re: Security issue in Microsoft Outlook

2005-05-18 Thread Nick FitzGerald
Bakchodiya wrote:
> An issue has been discovered in MS Outlook (All
> Versions) where anyone can fake a URL & send it
> across.
<>
This is a long-known issue with all Office applications that support (by default) automatic HREF-ing (if making HTML) or other forms of cross-referencing/web-linkin