RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

I pointed out the use of the Outlook: protocol in http://seclists.org/lists/fulldisclosure/2004/Jul/0460.html. I have yet to find a way that it can be exploited. As for the Callto: protocol, that is one of many registered URL types. If you look in Folder Options File Types you will see

Re: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

!-- I'm also really curious how this could be exploited. -- What do you mean: I'm also really curious how this could be exploited. it's already been exploited, it was all over the news and security lists a few months ago. What is this: eWEEK.com Security Center Editor Is someone

RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

What is this: eWEEK.com Security Center Editor Is someone paying you? Can I be one too? Sorry, you need to be able to write coherent english. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer [EMAIL PROTECTED]

Re: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

Is there anything you can do to Outlook that way, or will it just open? On a sidenote, I wish people would just call it Microsoft or MS and drop the dollar sign. Seriously, what is that for? GO Micro$opht IE (on XPee only) launches messenger by GO callto:gates or outlook by outlook:calendar

RE: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

GO Micro$opht IE (on XPee only) launches messenger by callto:gates or GO outlook by outlook:calendar protocols Is there anything you can do to Outlook that way, or will it just open? Here's the documentation on the outlook: scheme: