I pointed out the use of the Outlook:
protocol in http://seclists.org/lists/fulldisclosure/2004/Jul/0460.html.
I have yet to find a way that it can be exploited.
As for the Callto: protocol, that is one
of many registered URL types. If you look in Folder Options File
Types you will see
!--
I'm also really curious how this could be exploited.
--
What do you mean: I'm also really curious how this could be
exploited.
it's already been exploited, it was all over the news and
security lists a few months ago.
What is this: eWEEK.com Security Center Editor Is someone
What is this: eWEEK.com Security Center Editor Is someone paying you? Can I be one
too?
Sorry, you need to be able to write coherent english.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
[EMAIL PROTECTED]
Is there anything you can do to Outlook that way, or will it just open?
On a sidenote, I wish people would just call it Microsoft or MS and drop the dollar
sign. Seriously, what is that for?
GO Micro$opht IE (on XPee only) launches messenger by
GO callto:gates or outlook by outlook:calendar
GO Micro$opht IE (on XPee only) launches messenger by callto:gates or
GO outlook by outlook:calendar protocols
Is there anything you can do to Outlook that way, or will it just open?
Here's the documentation on the outlook: scheme: