funsec mailing list archives
Re: RE: funsec Office 2007 has 0 security issues
From: Valdis.Kletnieks () vt edu
Date: Tue, 10 Apr 2007 09:29:17 -0400
On Tue, 10 Apr 2007 09:05:22 EDT, "Richard M. Smith" said:
These 3 Word bugs are interesting, but I suspect they are not exploitable in an Outlook email message because an email message is HTML text and not a Word .DOC file. To find security problems in Word that can be exploited from an Outlook email message instead requires fuzzing HTML.
Not True. There's been *plenty* of evidence that "open attached file for details" is a highly successful way of deploying malware. If they'll go to the effort of saving an encrypted .zip file, then opening it with the provided password, they'll open a .doc file.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: funsec Office 2007 has 0 security issues Randall M (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Florian Weimer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 11)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 12)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 12)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)