<<< Date Index >>>     <<< Thread Index >>>

RE: PING: Outlook 2003 Spam




I think Mark might be onto something both the vml and the copies 
of named files in the temp folder no longer appear to occur:

http://www.securityfocus.com/bid/10323 
http://www.securityfocus.com/bid/10307 

Those notes are dated 10th and 11th May. On the machine they no 
longer work on, we have a couple XP so-called 'patches' from 
14th May and 17th May with a 3 or 4 office update folders with 
files created on 17th May as well.

How's that for service. Quick, silent patching ! No need to 
bother anyone ! Well done lads.

[unless of course if our little XP test machines are broken and 
we are seeing things]

"Spencer, Mark" <mspencer@xxxxxxxxxxxxxxx> said:

> Hello,
> 
> A coworker and I spent much of the day yesterday trying to 
replicate
> this behavior and we were not able to do so.  The only time we 
can get
> Outlook 2003 to pull anything from our server with this code 
is when we
> send the email within our own MS Exchange.  We've tried 
multiple
> clients, multiple SMTP servers, and many variations of the 
code below
> and have not been successful, other than emails sent between 
Exchange
> users.
> 
> I have not seen any other comments on this issue.  Is it 
possible
> Microsoft has already patched Outlook 2003 to only allow this 
behavior
> when dealing with a trusted zone?
> 
> Mark
> 
> -----Original Message-----
> From: http-equiv@xxxxxxxxxx [mailto:1@xxxxxxxxxxx] 
> Sent: Tuesday, May 11, 2004 8:42 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx
> Subject: PING: Outlook 2003 Spam
> 
> 
> 
> Tuesday, May 11, 2004
> 
> Outlook 2003 the premier mail client from the company 
called 'Microsoft'
> certainly appears to have a lot of security features built 
into it.
> Cursory examination shows excellent thought into 'spam' 
containment,
> 'security' consideration and many other little 'things'. So 
much so the
> default rendering of html is in so-called 'restricted zone' 
which
> disallows nearly everything [frames, iframes, objects, 
scripting etc.].
> In addition 'special' spam measures are taken to disallow 
graphic
> downloads from a remote server in html email which can be used 
to verify
> recipients:
> 
> [screen shot: http://www.malware.com/duhlook.png 40KB]        
> 
> The Key Word is: nearly 
> 
> Utilising Outlook's own bizarre scheMAH ! which comprises 
a 'proper'
> frame along with an src pointing to our remote server, we are 
able to
> ping the server and confirm our recipient has viewed our 
email. We don't
> require graphics or frames or iframes to do that:
> 
> <v:vml frame style="LEFT: 50px; WIDTH: 300px; POSITION: 
> relative; TOP: 30px; HEIGHT: 200px" 
> src = "http://www.malware.com/duh.txt#malware";></v:vmlframe>
> 
> <HTML>
> <HEAD>
> <STYLE>
> v\:* { behavior: url(#default#VML); }
> </STYLE>
> <XML:NAMESPACE NS="urn:schemas-microsoft-com:vml" PREFIX="v"/> 
</HEAD>
> 
> 
> Notes:
> 
> 1. We now commence our examination of the Microsoft Office 
2003 suite,
> we're a bit late, but it has taken all this time to save up to 
buy the
> thing 2. Quick 72 hour prodding reveals that this 'perceived' 
premier
> device known as Outlook 2003 is in fact riddled with holes 3. 
Do not
> receive or open any emails period.  Use string and tin cans if 
you must
> communicate
> 
> 
> 
> End Call
> 
> 
> --
> http://www.malware.com
> 
> 
> 
> 
> 
> 



-- 
http://www.malware.com