[Esd-l] Outlook 2003 exploit using active scripting.
John D. Hardin
jhardin at impsec.org
Thu May 20 20:31:46 PDT 2004
On Thu, 20 May 2004, Smart,Dan wrote:
> I'm not mangling html files, but I have NOT set
> SECURITY_TRUST_HTML. So I take it this takes care of this
> vulnerability?
Again, not having seen a sample I can't say for sure, but I *think*
the active HTML defanging will stop this exploit.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Bush? Kerry? I'm so sick of our elections always being "choose the
lesser of two evils."
-----------------------------------------------------------------------
166 days until the Presidential Election
More information about the esd-l
mailing list