Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus' and the Preview Pane 2

Status
Not open for further replies.
jschweg

jschweg

IS-IT--Management
Dec 19, 2002
127
US
Question for you guys. It seems that a lot of these new worms/E-Mail virus' can sometimes autoexecute through the Outlook preview pane, not requiring the user to open the message.

How can this be prevented? Is there a security setting that can stop this?

I have a very good virus filtering/scanner in place which prevents infection anyway, but I guess I'm a little nervous with all these bugs running around
 
Sort by date Sort by votes
Unless you're using a really old unpatched version of outlook, scripts won't execute in the preview pane.

HTML tags will be processed, however I do not know of any eploits based on this.


Just for fun:

1. Open notepad and create a new file called sound.htm
2. put the following in it -
<HTML><HEAD></HEAD><BODY><BGSOUND SRC='yourwavfile.wav'></BODY></HTML> and save it
3. In Outlook [works in 98-2003], tools, options, mail format; ensure that you are using html and click signatures.
4. Click new signature from template and choose sound.htm
5. Call it whatever you want and save it.
6. In outlook, create a new message.
7. Insert the attachment yaourwavefile.wav
8. Insert - signature the signature you create.
9. Send it to someone.


The attachment will arrive with no attachment symbol and appear to be blank. If highlighted in the preview pane, the sound file will play.

This has been possible in every version of Outlook since Outlook 98.


 
Upvote 0 Downvote
Yea, I jumped the gun, I have a feeling the person is running and unpatched Outlook 2000, probably one of the few in the office that didn't get done by the previous admin.

Do you happen to know if the script execution was a bug in Office 2000 or only earlier versions?

Haha, that HTML trick is neat. Rather scary, but neat none the less.
 
Upvote 0 Downvote
If you use the optional volume= parameter of the bgsound tag to crank up the volume, and a choice southpark wav file, it can be quite amusing to send to an unsuspecting cowworker. My personal favorite is to attach the AOL you've got mail wav file.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
2K
david jackson
david jackson
Rohit Bareja
  • Locked
  • Question
View and access only own records, and not the records by others on SharePoint.
Replies
3
Views
3K
garysm
garysm
pinytech
  • Locked
  • Question
What is the function of the SSL Cert in Exch 2010
Replies
1
Views
287
DrB0b
DrB0b
ComputersUnlimited
  • Locked
  • Question
Exchange 2010 and Office 365
Replies
0
Views
209
ComputersUnlimited
ComputersUnlimited
CorbinMyMan
  • Locked
  • Question
Lost public folders on production server. Still have db and backups. Best way to restore?
Replies
3
Views
307
CorbinMyMan
CorbinMyMan

Part and Inventory Search

Sponsor

Back
Top