funsec mailing list archives
Outlook, IFRAMEs, and auto-executing .WMF files
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 2 Jan 2006 15:14:07 -0500
Hi, For most Outlook users, it looks like a .WMF file will not auto-execute from an HTML email message using an IFRAME and the CID: protocol. With default security settings, Outlook (and Outlook Express) will not display any IFRAMEs. This change was made back in 2002 because of the Klez email worm: http://www.windowsitpro.com/Article/ArticleID/25269/25269.html It did verify however, if Outlook is set to a lower security setting, a .WMF file will auto-execute from an IFRAME in an HTML email message. Hopefully, it is rare that people are lowering their Outlook security settings even though Microsoft makes it relatively easy to do. On a related question, do Hotmail, Yahoo mail, and Gmail all block IFRAMEs when displaying HTML email messages? Richard M. Smith http://www.ComputerBytesMan.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Outlook, IFRAMEs, and auto-executing .WMF files Richard M. Smith (Jan 02)