These 3 Word bugs are interesting, but I suspect they are not exploitable in
an Outlook email message because an email message is HTML text and not a
Word .DOC file.  To find security problems in Word that can be exploited
from an Outlook email message instead requires fuzzing HTML.  Security
problems with HTML of course can be a problem with an email reader that
supports HTML including readers which blindly convert HTML to plain text.  

I wonder how well Nick's Pegasus email reader has been vetted for
HTML-related security problems?

Richard

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Randall M
Sent: Tuesday, April 10, 2007 7:15 AM
To: [email protected]
Subject: [funsec] RE: funsec Office 2007 has 0 security issues


 [------------------------------
[
[Message: 5
[Date: Mon, 9 Apr 2007 20:02:50 -0400
[From: "Larry Seltzer" <[EMAIL PROTECTED]>
[Subject: RE: [funsec] Outlook 2007: one step forward, two steps back?
[To: <[EMAIL PROTECTED]>, "FunSec [List]" <[email protected]>
[Message-ID:
[       <[EMAIL PROTECTED]>
[Content-Type: text/plain; charset="us-ascii"
[
[Crashing is obviously bad, but I'm sure some of the problems it has with
[complex web pages are in stripping out the complexity. I doubt frames are
[legal in Outlook's HTML e-mail and scripting definitely isn't.
[
[BTW, according to Secunia
[(http://secunia.com/product/13228/?task=statistics) Office 2007 has 0
[security issues (so far), patched or otherwise. It's only been out a few
[months, but I'm sure there are people beating on it since well before its
[release. (You'd think this would give them more time to work on crash bugs
[though.)
[
[Larry Seltzer
[eWEEK.com Security Center Editor

http://www.milw0rm.com/exploits/3690

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
