Here's a goodie borrowed from http://www.theinquirer.net/?article=9288
and the bugtraq post
http://www.securityfocus.com/archive/1/319360/2003-04-20/2003-04-26/0:
The bug is listed on BugTraq as requiring five lines of HTML but, after
a small amount of experimentation, you'll find that it can be done with
just one line of HTML. The offending line?
<input type crash>
In fact, the word "crash" doesn't really make any difference; you can
put "calamari" or "IE sucks" in there and it will still go belly up.
So the Vole has definitely managed to outdo itself this time. According
to Neowin, Outlook, Frontpage and anything else that uses shlwapi.dll
suffers the same fate. So that simple line of malformed HTML could stop
you from reading your email too.
Charlie Clark wrote:
On 2003-05-05 at 21:35:54 [+0200], you wrote:
"Tony" <togermano@xxxxxxxxx> wrote:
sexFascinating idea, it doesn't help with the issue at hand though. ;-)
Oh, I don't know trolls work in interesting ways... Maybe it's a special compiler option so you get real Flash screens!
Anybody remember the what file type you can send to Outlook Express to cause to explode whatever?
Billy Goat Gruff
