"Security hole"?

Posted Oct 12, 2003 16:29 UTC (Sun) by dsime (guest, #5764)
In reply to: "Security hole"? by TwoTimeGrime
Parent article: E-mail filters not fooled by signed spam (News.com)


Guess again.
Outlook will execute arbitrary commands, arbitrary to me but not to the sender, when the only action I take is to open the note.

In point of fact I don't even have to do that, as the default configuration for Outlook is to display the inbox in such a way that it opens notes so you can see the "first few lines", just by having them highlighted in the list.
And the first one is always highlighted.

So in order for Lookout to execute arbitrary code all I have to do is start it.

THAT I would not think would classify as secure in anybody's book.



"Security hole"?

Posted Oct 12, 2003 16:43 UTC (Sun) by TwoTimeGrime (guest, #11688)

Care to tell us what these arbitrary commands are? I've had no problems with Outlook wanting to execute attachments or run code since I've installed the available patches.

"Security hole"?

Posted Oct 13, 2003 7:45 UTC (Mon) by diegor (guest, #1967)

It's an old Outlook Express bug. I don't know exactly where it is fixed. BTW:
the trick is that Outlook was configured in a highly insecure way, so the autopreview opens any attachment that looks like an image.

So if you made an attachment that is an executable, named pippo.gif.exe (to fool the user) with MIME type 'image/gif', Outlook opens it using run32.dll.

But run32.dll recognizes that it is an executable, and runs it. Be happy, the nice autopreview feature has installed a new virus, even if you haven't clicked on the image....

The problem with Outlook (and many other office programs) is that until now they were not designed with security in mind.

Regards,
Diego.
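The disguise Diego describes (a double extension like pippo.gif.exe, a declared image/gif type, and an executable body) is exactly the sort of inconsistency a mail gateway can flag before any client ever previews the attachment. The check below is an added example written for this thread, not code from any poster or from LWN: it parses a message with Python's standard email library and reports attachments whose filename, declared Content-Type and leading bytes disagree. The magic-byte and extension tables, the sample message and the fake "MZ" payload are all constructed for the example; only the pippo.gif.exe / image/gif case comes from the thread.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Leading bytes a file of the declared type should start with. Assumption: this small
# table covers the image types a preview pane would render; extend it for real use.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}
# Filename extensions that normally go with each declared type (assumption, as above).
EXT_FOR_TYPE = {
    "image/gif": {".gif"},
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
}
# Extensions Windows treats as directly executable (a representative subset).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def inspect_attachment(filename, content_type, payload):
    """Return a list of human-readable findings for one attachment (empty = consistent)."""
    findings = []
    name = filename.lower()
    stem, last_ext = os.path.splitext(name)

    # 1. The real (last) extension is executable, so a double-click or auto-open runs it.
    if last_ext in EXECUTABLE_EXTENSIONS:
        findings.append("executable extension %s" % last_ext)
        # A harmless-looking inner extension (pippo.gif.exe) is there to fool the reader.
        inner_ext = os.path.splitext(stem)[1]
        if inner_ext and inner_ext not in EXECUTABLE_EXTENSIONS:
            findings.append("double extension %s%s" % (inner_ext, last_ext))

    # 2. Declared MIME type does not match the filename extension.
    expected_exts = EXT_FOR_TYPE.get(content_type)
    if expected_exts is not None and last_ext not in expected_exts:
        findings.append("declared %s but extension is %s" % (content_type, last_ext or "(none)"))

    # 3. Declared MIME type does not match the file's magic bytes.
    magics = IMAGE_MAGIC.get(content_type)
    if magics is not None and not payload.startswith(magics):
        findings.append("declared %s but content lacks its magic bytes" % content_type)

    # 4. Whatever the headers say, the body starts with a DOS/PE executable header.
    if payload.startswith(b"MZ"):
        findings.append("content starts with MZ (DOS/PE executable header)")

    return findings


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and map suspicious attachment names to their findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings = inspect_attachment(name, part.get_content_type(), payload)
        if findings:
            report[name] = findings
    return report


def build_sample_message():
    """Constructed test message: one disguised attachment, one genuine GIF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "pictures"
    msg.set_content("see attached")
    # Constructed: an 'MZ' header plus padding, not a real program, declared as image/gif
    # and named with the double extension from the thread.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="image", subtype="gif",
                       filename="pippo.gif.exe")
    # Constructed: a minimal well-formed GIF89a header whose name and type agree.
    msg.add_attachment(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;", maintype="image",
                       subtype="gif", filename="cat.gif")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(name)
        for f in findings:
            print("  -", f)
```

Running it lists pippo.gif.exe with five findings and says nothing about cat.gif. The point of checking all three signals separately is that a filter which only trusts the Content-Type header is exactly what the auto-preview trusted; the filename and the first bytes of the body are the independent witnesses.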

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds