[Esd-l] Fwd: Notepad popups in Internet Explorer and Outlook

Marcus Williams marcus at quintic.co.uk
Wed Aug 6 01:18:32 PDT 2003


Another thing to look out for in the sanitizer? I havnt tried this
through the sanitizer yet, but I assume it would get through. I'm not
sure if there is an exploit here, but like the article says a user
could corrupt a system file accidently because of it.

Marcus

-------%<------ Forwarded Message
From: Richard M. Smith <rms at computerbytesman.com>
To: "BUGTRAQ at SECURITYFOCUS. COM" <BUGTRAQ at SECURITYFOCUS.COM>
Date: Monday, August 4, 2003, 7:57:47 PM
Subject: Notepad popups in Internet Explorer and Outlook

Hi,

Do Notepad popups represent a security risk or are they simply another
way for spammers and marketers to annoy us? Because of a design flaw in
Internet Explorer, Notepad popup windows can be displayed from an HTML
email message or Web page regardless of browser security settings. In
addition, Notepad popups can access files on a hard disk, possibilly
causing stability problems in a Windows saystem. 

For more details, see: 

  http://www.computerbytesman.com/security/notepadpopups.htm

Question:  What kind of operating system allows an email message to
automatically start up a text editor to change a system file?

Richard M. Smith
http://www.ComputerBytesMan.com






-------%<------ EOF



More information about the esd-l mailing list