RE: More Office XP problems

["Leonard Chung" <leonardc () cs berkeley edu>]

> This is the default option on Outlook, I believe.

The default for Outlook is actually to use the Outlook editor and NOT the
Word editor for all previous versions of Outlook (Outlook 2000 and Outlook
97).

I doubt MS changed the default for Outlook XP as Outlook is supposed to be a
standalone e-mail/PIM that doesn't require Word.

Leonard

-----Original Message-----
From: Georgi Guninski [mailto:guninski () guninski com]
Sent: Thursday, April 04, 2002 2:49 AM
To: Ben Schorr
Cc: 'BUGTRAQ () SECURITYFOCUS COM'
Subject: Re: More Office XP problems

Ben Schorr wrote:
> Worth noting that this problem (the Outlook part anyhow) appears to
actually
> be a Word vulnerability in that it only affects people who use the
WordMail
> editor.  People who use the default Outlook editor are apparently not
> affected by the forward/reply vulnerability.
>
> http://www.slipstick.com for more info.
>
> That's not to suggest that it isn't a vulnerability that shouldn't be
fixed
> - just that there appears to be a fairly easy workaround and not all users
> are affected to begin with.

This is the default option on Outlook, I believe.


> To work-around this problem in Outlook go to Tools | Options | Mail Format
> and uncheck the boxes for "Use Word to..."  That will cause Outlook to use
> it's own native editor for such things and shuts the window on this
exploit.
>

While this will prevent the reply/forward issue, it won't help if one
receives and opens .doc or .xls attachment with the bug, will it?

That's why I suggest uninstalling/deleting as much buggyware as one can.

Georgi Guninski
http://www.guninski.com