Several vulnerabilities that have to do with URL processing and some methods of presenting file locations but I don't see anything that is specifically cross site scripting. Remember that there are some significant limitations on script execution in the outlook HTML environment.
That's not to say that it cant be done or is impossible or any such criminally stupid pronouncement on that order however I have yet to find significant trusted evidence of it in any of the vulnerability databases I referenced. -W Wayne S. Anderson -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, April 26, 2008 8:07 AM To: [email protected] Subject: Cross-Site scripting Does anyone know of any incidents involving cross-site scripting and Microsoft Outlook 2003 or 2007? Does the change within Outlook 2007 and it's HTML rendering engine support still leave clients susceptible to this attack? R4
