Security issue in Microsoft Outlook

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Security issue in Microsoft Outlook
From: Bakchodiya <bakchodiya@xxxxxxxxx>
Date: Wed, 18 May 2005 13:27:45 -0700 (PDT)
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=M5L2nSOmS8XU4q2igA6bSOt6ajGqBYhMtgWKSe0m6xwb0agxd3NfwG89oI0SjnmqNCA/TzNfBspJ7wr+eQxJt5eijHMUv0EhhtuQINHrbCrgOiGOTCpvKzOPoeO33BubcF3zXPqWCmEMeJsQFou9I7K5b+vN/PoFsoUa+WtOFfY= ;
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

An issue has been discovered in MS Outlook (All
Versions) where anyone can fake a URL & send it
across.

How does it work:

Lets compose an email in MS Outlook, lets type


http://www.cybertrion.com & put a space after it to
make it a link. Now put your cursor just before
cybertrion & type any URL for eg: 
http://www.foo-labs.info now send it to anyone. The
receiver will see the URL as http://www.foo-labs.info
but when he clicks on it it will directly take him to
http://www.cybertrion.com

I am not sure how critical this is but it can fool
alot of people & result in download of a virus.

For more details and Discovered by:
Cybertrion Systems,
http://www.cybertrion.com


                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search. 
http://info.mail.yahoo.com/mail_250

Prev by Date: [FLSA-2005:152771] Updated pam packages fix security issue
Next by Date: UnixWare 7.1.4 : Updated mozilla fixes many security issues
Previous by thread: [FLSA-2005:152771] Updated pam packages fix security issue
Next by thread: RE: Security issue in Microsoft Outlook
Index(es):
- Date
- Thread