Question about homepage attack

Question

Question about homepage attack

Soutcast opened this issue 6 years ago · comments

I have a question about the homepage attack. You are still able to set a homepage of your account folder in the "data file properties" inside the Outlook GUI. You are also able to set that folder as the startup folder inside the "options" menu under the "advanced tab" inside the Outlook GUI. Does that mean that you can still use the homepage attack or is there something else I do not understand?

Soutcast · Answer 1 · Mon Aug 27 2018 08:34:13 GMT+0800 (China Standard Time)

You can set homepage under "Outlook Today".

Etienne Stalmans · Answer 2 · Mon Aug 27 2018 15:58:11 GMT+0800 (China Standard Time)

Hi Soutcast

I'm not seeing the option in Outlook 2016 16.0.4639.1000, can you list your steps to get to that option? It sounds like Outlook isn't patched against the homepage issue.

Steps I took:

File -> Account Settings
Data Files -> Settings

For Outlook Today, it used to be under the folder properties, but I'm not seeing anything.

Soutcast · Answer 3 · Mon Aug 27 2018 20:06:38 GMT+0800 (China Standard Time)

Hi @staaldraad,
I am using Outlook 2016 MSO 16.0.4639.1000 32-bit
Steps:

Go to Outlook Today which is the folder with your email address on it
Right click on the folder and select Data File Properties from the drop down menu
You can then set a homepage url under the homepage tab

Etienne Stalmans · Answer 4 · Tue Aug 28 2018 02:47:57 GMT+0800 (China Standard Time)

Hey @Soutcast

I see what you mean... Could you drop my an email at estalmans [at] gmail [.com] or DM on twitter @_staaldraad and we discuss further?

Soutcast · Answer 5 · Tue Aug 28 2018 06:46:35 GMT+0800 (China Standard Time)

I sent an email to your gmail address