[Esd-l] Outlook 2003 exploit using active scripting.

John D. Hardin jhardin at impsec.org
Thu May 20 20:31:46 PDT 2004


On Thu, 20 May 2004, Smart,Dan wrote:

> I'm not mangling html files, but I have NOT set
> SECURITY_TRUST_HTML.  So I take it this takes care of this
> vulnerability?

Again, not having seen a sample I can't say for sure, but I *think*
the active HTML defanging will stop this exploit.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
-----------------------------------------------------------------------
   166 days until the Presidential Election

