[Esd-l] Outlook 2003 exploit using active scripting.

Smart,Dan SmartD at VMCMAIL.com
Thu May 20 08:48:46 PDT 2004

 I'm not mangling html files, but I have NOT set SECURITY_TRUST_HTML.  So I
take it this takes care of this vulnerability?


| -----Original Message-----
| From: John D. Hardin [mailto:jhardin at impsec.org] 
| Sent: Thursday, May 20, 2004 8:39 AM
| It uses an "embedded OLE object" so it sounds like it should 
| be defanged unless you have set SECURITY_TRUST_HTML, but 
| without seeing a sample I can't be sure.
| Also, HTML file attachments are considered executable by 
| default and will be mangled.

More information about the esd-l mailing list