funsec mailing list archives

Re: RE: funsec Office 2007 has 0 security issues

From: Valdis.Kletnieks () vt edu
Date: Tue, 10 Apr 2007 09:29:17 -0400

On Tue, 10 Apr 2007 09:05:22 EDT, "Richard M. Smith" said:

These 3 Word bugs are interesting, but I suspect they are not exploitable in
an Outlook email message because an email message is HTML text and not a
Word .DOC file.  To find security problems in Word that can be exploited
from an Outlook email message instead requires fuzzing HTML.


Not True.

There's been *plenty* of evidence that "open attached file for details"
is a highly successful way of deploying malware.  If they'll go to the
effort of saving an encrypted .zip file, then opening it with the provided
password, they'll open a .doc file.

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: funsec Office 2007 has 0 security issues Randall M (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
  - Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
    - Re: RE: funsec Office 2007 has 0 security issues Florian Weimer (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
    - RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 11)
    - RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 12)
    - RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 12)

(Thread continues...)