[Esd-l] Why is this not filtered

Bill Larson blarson at compu.net
Thu Dec 19 08:50:01 PST 2002


<bgsound balance=3D0 src=3D"cid:000901c2a73b$b7e85180$2700a8c0 at server" =
volume=3D0
loop=3D3>

I would be more than happy to share the obnoxious sound I received. However
anything that can read active content stored in an email and then execute it
is inherently bad. I remember multiple times where sound content was used to
execute code. I don't think this has been played with too much yet but I am
sure there is probably room to exploit here. Why are we not defanging
bgsound tags.



More information about the esd-l mailing list