Re: Exploits deliveried by the clipboard?

["Richard M. Smith" <rms () computerbytesman com>]

Outlook 2007 now uses Word 2007 for editing HTML email messages.  There is
no longer a standalone HTML editor in Outlook.

 

To view HTML email messages, Outlook 2007 still uses IE.  I'm running IE7.
However, I'm never seen any crashes from incoming messages.  

 

And yes, Outlook 2007 still uses IE's restricted zone for viewing HTML email
messages.  In addition, a bunch of other stuff gets turned off in IE such as
IFRAMEs.

 

Richard

 

From: Larry Seltzer [mailto:Larry () larryseltzer com] 
Sent: Tuesday, February 26, 2008 12:24 PM
To: Richard M. Smith; funsec () linuxbox org
Subject: RE: [funsec] Exploits deliveried by the clipboard?

 

> > I'm seeing a good number of crashes in Outlook 2007 when editing email
messages.  Most of these crashes happen when pasting HTML text which is
copied from a Web page into an HTML email message.  Makes me wonder if these
crashes can be used to run exploit code.  

 

Does HTML e-mail still run in the IE restricted zone in Outlook 2007? What
IE and Windows version are you using?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
<http://blogs.pcmag.com/securitywatch/Contributing> 
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.