[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT fields

Brett Glass brett at lariat.org
Wed Oct 2 17:47:01 PDT 2002


You may also want to scan for an INCLUDEPICTURE field. According to some 
recently published articles, it's potentially even more dangerous than 
INCLUDETEXT because it can contain an arbitrary URL that can be generated 
from VBA variables and/or function calls.
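
Added example (not part of the original post and not the sanitizer's own code): a Python check that flags both field names in decoded attachment bytes. It assumes a binary .doc attachment in which a field starts with the 0x13 field-begin mark and the text is stored as 8-bit or UTF-16LE; the function names and the sample message are constructed for illustration.

```python
import email
import re
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

FIELD_KEYWORDS = ("INCLUDETEXT", "INCLUDEPICTURE")  # the two fields named in this thread
FIELD_BEGIN = b"\x13"  # assumed: field-begin mark in a binary .doc text stream


def field_pattern(keyword, wide):
    """Field-begin mark, optional spaces, then the keyword (ASCII case-insensitive)."""
    pad = b"\x00" if wide else b""  # UTF-16LE: every ASCII character is followed by NUL
    name = b"".join(re.escape(bytes([c]) + pad) for c in keyword.encode("ascii"))
    spaces = b"(?:" + re.escape(b" " + pad) + b")*"
    return re.compile(re.escape(FIELD_BEGIN + pad) + spaces + name, re.IGNORECASE)


def scan_fields(data):
    """Return sorted (offset, keyword, encoding) hits in decoded attachment bytes."""
    hits = []
    for keyword in FIELD_KEYWORDS:
        for wide, label in ((False, "8-bit"), (True, "utf-16le")):
            for m in field_pattern(keyword, wide).finditer(data):
                hits.append((m.start(), keyword, label))
    return sorted(hits)


def scan_message(raw):
    """Decode each MIME leaf part and scan it; returns {walk() index: hits}."""
    found = {}
    for index, part in enumerate(email.message_from_bytes(raw).walk()):
        if part.is_multipart():
            continue
        hits = scan_fields(part.get_payload(decode=True) or b"")
        if hits:
            found[index] = hits
    return found


def sample_message():
    """Constructed test mail: a prose part plus a fake .doc holding one field."""
    field = '\x13 INCLUDEPICTURE "http://example.invalid/x.gif" \x14\x15'
    doc = b"\xd0\xcf\x11\xe0" + b"\x00" * 16 + field.encode("utf-16le")
    msg = MIMEMultipart()
    msg.attach(MIMEText("INCLUDETEXT mentioned in prose is not a field code."))
    msg.attach(MIMEApplication(doc, _subtype="msword", name="report.doc"))
    return msg.as_bytes()
```

A plain string match on the raw message misses the field in the sample, because the attachment is base64-encoded and its text is UTF-16LE. RTF and other document formats are not covered by this check.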

