[Esd-l] Outlook 2003 exploit using active scripting.
John D. Hardin
jhardin at impsec.org
Thu May 20 06:39:10 PDT 2004
On Wed, 19 May 2004, Smart,Dan wrote:
> John:
> Do you have a suggestion on how to handle this new Outlook 2003
> vulnerability? See:
>
> http://secunia.com/advisories/11629/
It uses an "embedded OLE object" so it sounds like it should be
defanged unless you have set SECURITY_TRUST_HTML, but without seeing
a sample I can't be sure.
Also, HTML file attachments are considered executable by default and
will be mangled.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Bush? Kerry? I'm so sick of our elections always being "choose the
lesser of two evils."
-----------------------------------------------------------------------
166 days until the Presidential Election
More information about the esd-l
mailing list