funsec mailing list archives
RE: RE: funsec Office 2007 has 0 security issues
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 10 Apr 2007 09:05:22 -0400
These 3 Word bugs are interesting, but I suspect they are not exploitable in an Outlook email message because an email message is HTML text and not a Word .DOC file. To find security problems in Word that can be exploited from an Outlook email message instead requires fuzzing HTML.

Security problems with HTML of course can be a problem with an email reader that supports HTML including readers which blindly convert HTML to plain text. I wonder how well Nick's Pegasus email reader has been vetted for HTML-related security problems?

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Randall M
Sent: Tuesday, April 10, 2007 7:15 AM
To: funsec () linuxbox org
Subject: [funsec] RE: funsec Office 2007 has 0 security issues

[------------------------------
[
[Message: 5
[Date: Mon, 9 Apr 2007 20:02:50 -0400
[From: "Larry Seltzer" <Larry () larryseltzer com>
[Subject: RE: [funsec] Outlook 2007: one step forward, two steps back?
[To: <rms () computerbytesman com>, "FunSec [List]" <funsec () linuxbox org>
[Message-ID:
[ <0273B67044957C41BD71D12EBA2E00AE0FD3F8@becca.LarrySeltzer.local>
[Content-Type: text/plain; charset="us-ascii"
[
[Crashing is obviously bad, but I'm sure some of the problems it has with
[complex web pages is in stripping out the complexity. I doubt frames are
[legal in Outlook's HTML e-mail and scripting definitely isn't.
[
[BTW, according to Secunia
[(http://secunia.com/product/13228/?task=statistics) Office 2007 has 0
[security issues (so far), patched or otherwise. It's only been out a few
[months, but I'm sure there are people beating on it since well before
[its release. (You'd think this would give them more time to work on
[crash bugs though.)
[
[Larry Seltzer
[eWEEK.com Security Center Editor

http://www.milw0rm.com/exploits/3690

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- RE: funsec Office 2007 has 0 security issues Randall M (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)
- Re: RE: funsec Office 2007 has 0 security issues Florian Weimer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues David Harley (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Nick FitzGerald (Apr 11)
- RE: RE: funsec Office 2007 has 0 security issues Larry Seltzer (Apr 12)
- Re: RE: funsec Office 2007 has 0 security issues Valdis . Kletnieks (Apr 10)
- RE: RE: funsec Office 2007 has 0 security issues Richard M. Smith (Apr 10)