Reporter Packet Storm
`Date: Mon, 26 Apr 1999 05:07:19 -0700
From: "1nternal @geocities.com" <1nternal@MY-DEJANEWS.COM>
Subject: Minor privacy exploit in Outlook Express
Outlook Express uses HTML to display ceratin information in the 'outlook today' type part of outlook express, ie, the number of
unread messages in your inbox etc...
Because it is considered to be in the 'internet zone', this information needs to be safely scriptable, thus it can be accessed
by any site in this zone. This allows for a possible (although admittedly minor) privacy and possibly security problem.
The 'problem' lies in the 'OutlookExpress.MessageList' ActiveX control, which is marked safe for scripting, it allows for
counting the number of messages in any folder within outlook express, as well as the number of unread items and a few other
things, such as setting options, however, the options are only set for that instance only and are not saved.
An example of viewing the number of messages in a folder, as well as previewing the message (creating the file 'C:\oe_prev$.eml'
without the users permission). It should be noted that this preview message is not accessible remotely(without an exploit).
set MsgList = CreateObject("OutlookExpress.MessageList")
MsgList.Folder = 6
location.href = MsgList.PreviewMessage