[Esd-l] Outlook 2003 exploit using active scripting.
SmartD at VMCMAIL.com
Thu May 20 08:48:46 PDT 2004
I'm not mangling html files, but I have NOT set SECURITY_TRUST_HTML. So I
take it this takes care of this vulnerability?
| -----Original Message-----
| From: John D. Hardin [mailto:jhardin at impsec.org]
| Sent: Thursday, May 20, 2004 8:39 AM
| It uses an "embedded OLE object" so it sounds like it should
| be defanged unless you have set SECURITY_TRUST_HTML, but
| without seeing a sample I can't be sure.
| Also, HTML file attachments are considered executable by
| default and will be mangled.
More information about the esd-l