[Esa-l] Yet ANOTHER Microsoft Active Scripting hole
Brett Glass
brett at lariat.org
Fri Apr 20 08:18:05 PDT 2001
According to Georgi Guninski, users of Outlook Express who have turned
off Active Scripting are STILL subject to exploitation by malicious
scripts that employ XML scripting. See
http://www.guninski.com/iexslt.html
for an example. It looks as if attachments with .eml, .xsl, and .xml
extensions should be mangled, defanged, or even poisoned.... IFRAME tags
are already disabled by John's sanitizer if they appear in the body of
the message, but not if they're in .eml files.
--Brett
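
The attachment mangling suggested in the message above, as an added example (not part of the original post and not the sanitizer's own code): Python's standard `email` package renames any attachment whose name ends in .eml, .xsl or .xml, including ones nested inside a forwarded message. The `.defanged` suffix, the function names and the sample message are assumptions made for illustration.

```python
import email
from email.message import EmailMessage
from email.utils import collapse_rfc2231_value

RISKY_EXTENSIONS = (".eml", ".xsl", ".xml")   # the three extensions named in the post
DEFANG_SUFFIX = ".defanged"                   # assumed marker, not from the post
NAME_PARAMS = (("filename", "Content-Disposition"), ("name", "Content-Type"))

def defang_attachments(raw_bytes):
    """Return (rewritten message bytes, original names that were renamed)."""
    msg = email.message_from_bytes(raw_bytes)
    renamed = []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        for param, header in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            name = collapse_rfc2231_value(value).strip()
            # Ignore case and trailing dots/spaces, which Windows drops on save.
            if name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
                part.set_param(param, name + DEFANG_SUFFIX, header=header, replace=True)
                if name not in renamed:
                    renamed.append(name)
    return msg.as_bytes(), renamed

def build_sample():
    """Constructed test message: a forwarded .eml that carries an .XSL file."""
    inner = EmailMessage()
    inner["Subject"] = "inner (constructed)"
    inner.set_content("<p>inner body</p>", subtype="html")
    inner.add_attachment("<x/>", subtype="xml", filename="sheet.XSL")
    outer = EmailMessage()
    outer["Subject"] = "outer (constructed)"
    outer.set_content("hello")
    outer.add_attachment(inner, filename="forwarded.eml")
    outer.add_attachment(b"data", maintype="image", subtype="jpeg", filename="photo.jpg")
    return outer.as_bytes()

if __name__ == "__main__":
    print(defang_attachments(build_sample())[1])
```

Renaming only stops a mail client from dispatching the part by its extension; the content of the part is unchanged.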