Many of these security problems have been introduce in the last year or so with the move to using HTML in Email messages. Unlike ASCII text messages, HTML Email messages can contain rich text and graphics as part of mail message just like Web pages. HTML allows users to create more professional looking Email messages. However, HTML messages can also contain embedded JavaScript programs, Java applets, and ActiveX controls. These embedded programs are automatically executed when an Email message is read. Even though these languages are all considered "safe", there are still many security hazards associated

Backdoors for executing program from Email

• Excel Call and Word Template security holes Important!
• Booby-trapped link bug in Eudora 4
• You can't say no to Authenticode
• Auto-execute Microsoft Word for an Email message
• Demo of the Excel Call security hole

Theft of private files using Email

• Serious security hole in Microsoft's Personal Web Server
• Steal files using the TDC ActiveX control

Privacy leaks and Email

• Tell me about my system
• Show me what Netscape Plugins are installed
• Let Netscape show me what applications are installed on my computer
• Silent Email sender using JavaScript and CGI
• Automatic newsgroup poster using JavaScript and CGI
• Who Are You? newsgroup message

Denial-of-service attacks in Email

• JavaScript denial of service attacks
• Hostile Java applet that can cause file corruption
• AUX bug crashes Internet Explorer 4 and Windows 95

Miscellaneous

• SuperSpam(tm)!
• Turn on the IE4 Active Desktop
• My letter to Email vendors about security problems