funsec mailing list archives
Re: Exploits deliveried by the clipboard?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 26 Feb 2008 12:42:45 -0500
Outlook 2007 now uses Word 2007 for editing HTML email messages. There is no longer a standalone HTML editor in Outlook. To view HTML email messages, Outlook 2007 still uses IE. I'm running IE7. However, I'm never seen any crashes from incoming messages. And yes, Outlook 2007 still uses IE's restricted zone for viewing HTML email messages. In addition, a bunch of other stuff gets turned off in IE such as IFRAMEs. Richard From: Larry Seltzer [mailto:Larry () larryseltzer com] Sent: Tuesday, February 26, 2008 12:24 PM To: Richard M. Smith; funsec () linuxbox org Subject: RE: [funsec] Exploits deliveried by the clipboard?
I'm seeing a good number of crashes in Outlook 2007 when editing email
messages. Most of these crashes happen when pasting HTML text which is copied from a Web page into an HTML email message. Makes me wonder if these crashes can be used to run exploit code. Does HTML e-mail still run in the IE restricted zone in Outlook 2007? What IE and Windows version are you using? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ <http://blogs.pcmag.com/securitywatch/Contributing> Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Exploits deliveried by the clipboard? Richard M. Smith (Feb 26)
- Re: Exploits deliveried by the clipboard? Larry Seltzer (Feb 26)
- Re: Exploits deliveried by the clipboard? Richard M. Smith (Feb 26)
- Re: Exploits deliveried by the clipboard? Larry Seltzer (Feb 26)