I've heard people discusses the possibilities of useing this to execute arbitray code before, however, I've never managed to replicate anyones findings on this yet, however there has been quite a bit of talk on other lists in the past, and I've been asked by people to look into it but I cant seem to find anything ethier
Supposivly you can use the same flaw to execute arbitrary code, however, I've been unable to see it replicated yet, so I wouldnt put much stalk into it. ----- Original Message ----- From: "Richard M. Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 08, 2003 12:18 AM Subject: RE: [Full-Disclosure] Notepad popups in Internet Explorer and Outlook > I fiddle a little bit with view-source: and WordPad but nothing seemed > too interesting. WordPad always opened a large file as a plain text > file. I was checking to see if it might open a file as Word .DOC file, > but had no luck. > > Richard > > -----Original Message----- > From: Georgi Guninski [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 3:57 PM > To: Richard M. Smith > Cc: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Notepad popups in Internet Explorer and > Outlook > > > Richard, you irresponsible m$ puppy! > How irresponsible and self promoting of you to not give m$ chance to fix > this > huge hole! > btw, on win9x you may have more fun with view-source and wordpad: > http://lists.insecure.org/lists/bugtraq/2000/Feb/0388.html > > georgi > > > > Richard M. Smith wrote: > > Hi, > > > > Do Notepad popups represent a security risk or are they simply another > > way for spammers and marketers to annoy us? Because of a design flaw > in > > Internet Explorer, Notepad popup windows can be displayed from an HTML > > email message or Web page regardless of browser security settings. In > > addition, Notepad popups can access files on a hard disk, possibilly > > causing stability problems in a Windows saystem. > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
