2
Outlook by default blocks .url
attachments and not .htm
– why?
Any dangerous URL that could be in .url
file, could also easily be in a .htm
file and could be launched using javascript automatically. I see the same risk with both attachments, but Microsoft treats it differently. Am I missing something here? How is a .htm
file safer than .url
?
What else could be in .url
file that a hacker could not put in .htm
file?
Maybe there is a known vulnerability with
.url
files which would cause contained data to be interpreted without user interaction. – Der Hochstapler – 2012-02-28T12:59:08.397