----- Original Message -----
Sent: Monday, August 04, 2003 6:17
PM
Subject: RE: [Full-Disclosure] HTML
FORMATED MAIL ( ie - oe - html ) bgsound local file - ding?
Do you have an exploit example for this that is anything other
than just an annoyance?
Joshua Thomas
Network Operations
Engineer
PowerOne Media, Inc.
tel: 518-687-6143
[EMAIL PROTECTED]
-----Original Message-----
From: morning_wood [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 04, 2003 7:55 PM
To: [EMAIL PROTECTED];
0day; [EMAIL PROTECTED]
Subject: [Full-Disclosure] HTML FORMATED MAIL ( ie - oe -
html ) bgsound local file - ding?
ding ding ding <--- its a local file
this should work reading FROM hotmail as well or any web ( html )
based
mail reader ( i think )
the tag <BGSOUND> carries many optopns as well, and referenced
at
http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/bgsound.asp
this is calling c:\windows\media\ding.wav ( 9x / XP ) and
c:\winnt\media\ding.wav
this affects Microsft Win9x /
NT / 2K / XP / 200? is this an annoyance or bug?
Donnie Werner
[EMAIL PROTECTED]
http://e2-labs.com
view this
online at http://exploit.philez.com/ding.htm
t'nks buRdeN fer the test'n
