funsec mailing list archives
RE: RE: funsec Office 2007 has 0 security issues
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 10 Apr 2007 09:37:38 -0400
Duh, of course attached .DOC files are a problem. But this is a problem for almost *any* email reader not just Outlook. It's a Word security issue, not an email reader security issue. Booby-trapped Word .DOC files can also be downloaded from IE or FireFox or by clicking on a link in an email message. Richard -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Tuesday, April 10, 2007 9:29 AM To: Richard M. Smith Cc: funsec () linuxbox org Subject: Re: [funsec] RE: funsec Office 2007 has 0 security issues On Tue, 10 Apr 2007 09:05:22 EDT, "Richard M. Smith" said:
These 3 Word bugs are interesting, but I suspect they are not exploitable in an Outlook email message because an email message is HTML text and not a Word .DOC file. To find security problems in Word that can be exploited from an Outlook email message instead requires
fuzzing HTML. Not True. There's been *plenty* of evidence that "open attached file for details" is a highly successful way of deploying malware. If they'll go to the effort of saving an encrypted .zip file, then opening it with the provided password, they'll open a .doc file. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: funsec Office 2007 has 0 security issues Randall M (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Florian Weimer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 11)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 12)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 12)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 13)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)