Scripting Concerns in OutlooK+Ie4+? 
Author Message
 Scripting Concerns in OutlooK+Ie4+?

Outlook Security Script Concerns
I think its a good thing to have the functionality of ie4 in a e-mail package but it is open to abuse from Malicious programmers wishing to drop viruses freeze browsers etc. presumably you can use active x as well which has numerous flaws in it (close operating systems,rename directorys,steal money from a quicken user etc, for a demonstration of what i mean click the buttons below (Note:this will freeze outlook express).

Click For Demo J

If you clicked them you would have seen the code and with a little tweaking
Vb script will do the same.

Solution would be plain text but this is not enabled at default or to only allow
flash or animated gifs.
as soon as you bring any sort of functionality into a application people abuse it!!!

Scripting is great fun and easy to learn and can give amazing effects but
security has to come before functionality eg. Hidden fields, Impossible
calculations,getting e-mail addresses,onload on unload commands,
infinite loops etc .
Some of these functions are incredibly useful but when abused are incredibly annoying!

responses to this thread would be appreciated

A Microsoft Luva :)



Tue, 14 Aug 2001 03:00:00 GMT  
 Scripting Concerns in OutlooK+Ie4+?
Yep, there is lot's of bad stuff that can be done from JavaScript inside
of Email messages.  Here is information about of some of the problems:

    http://www.tiac.net/users/smiths/security/email/index.htm

Richard



Tue, 14 Aug 2001 03:00:00 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. ** ? concerning CreateObject("Scripting.FileSystemObject")

2. ** ? concerning CreateObject("Scripting.FileSystemObject")

3. Concerns about scripting

4. Script concern

5. Newbie Question concerning clientWidth script

6. Script Outlook and Outlook Express

7. How to config outlook and outlook express by writing scripting

8. mac ie4 different than pc ie4, causes problem on site

9. invoke print dialog in IE4 from scripts

10. Intermittent Script error on IE4.0

11. setting print option in IE4 using script

12. Problem with scripting in IE4

 

 
Powered by phpBB® Forum Software