[Esd-l] Outlook 2003 exploit using active scripting.

John D. Hardin jhardin at impsec.org
Fri May 21 06:08:43 PDT 2004

On Wed, 19 May 2004, Joe Steele wrote:

> I haven't studied the sample message (I didn't want to open it in
> Outlook, and I'm not sure how to open it otherwise), but I suspect
> that it sends itself as an "application/ms-tnef" MIME type (based
> on a little experimenting with embedding objects in a RTF Outlook
> message).  If this is indeed true, then defining
> "SECURITY_STRIP_MSTNEF" should be sufficient protection.  Would
> anyone care to confirm that this is how the sample message sends
> itself?

I've been in touch with the guy who announced the vulnerability. This
does appear to be the attack vector. $SECURITY_STRIP_MSTNEF is the

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
   165 days until the Presidential Election
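
Added example, not part of the original message and not the sanitizer's own code: a Python sketch of the kind of filtering the thread attributes to `SECURITY_STRIP_MSTNEF`, replacing every `application/ms-tnef` MIME part with a text notice. It goes beyond the content-type check discussed above by also flagging parts whose decoded payload begins with the TNEF signature; the function names, addresses and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# TNEF streams start with the signature 0x223E9F78, stored little-endian.
TNEF_MAGIC = bytes.fromhex("789f3e22")

def is_tnef(part):
    """True if a leaf MIME part is declared as TNEF or carries the TNEF signature."""
    if part.is_multipart():
        return False
    if part.get_content_type() == "application/ms-tnef":  # already lowercased
        return True
    payload = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
    return payload.startswith(TNEF_MAGIC)

def strip_tnef(raw_bytes):
    """Replace each TNEF part with a text notice; return (message, stripped_count)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    stripped = 0
    for part in msg.walk():
        if is_tnef(part):
            name = part.get_filename() or "(unnamed)"
            # set_content() clears the old Content-* headers and payload first.
            part.set_content(f"[TNEF attachment {name} removed]\n")
            stripped += 1
    return msg, stripped

def sample_message():
    """Constructed sample: text body, a declared TNEF part, a mislabelled one, a benign one."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.\n")
    blob = TNEF_MAGIC + b"\x00" * 16  # signature plus padding, not a real TNEF stream
    m.add_attachment(blob, maintype="application", subtype="ms-tnef",
                     filename="winmail.dat")
    m.add_attachment(blob, maintype="application", subtype="octet-stream",
                     filename="notes.bin")
    m.add_attachment(b"plain data", maintype="application",
                     subtype="octet-stream", filename="ok.bin")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, count = strip_tnef(sample_message())
    print(f"stripped {count} TNEF part(s)")
    for p in cleaned.walk():
        print(" ", p.get_content_type(), p.get_filename())
```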