Hello, Berend-Jan Wever!
The IFRAME vulnerability has been patched, see http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Oh! Thanks, God!
Good that nobody has hit upon an idea until now about exploiting this to launch self-spreading mail virus without user interaction by putting iframe into HTML message body: this hole is exploitable even in restricted zone and millions of OE and Outlook lemmings would be doomed.
Such thought visited me nearly right away when I had known this issue.
-- Best regards, Raoul Nakhmanson-Kulish Elfor Soft Ltd., ERP Department http://www.elforsoft.ru/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
