Duh, of course attached .DOC files are a problem. But this is a problem for almost *any* email reader not just Outlook. It's a Word security issue, not an email reader security issue.
Booby-trapped Word .DOC files can also be downloaded from IE or FireFox or by clicking on a link in an email message. Richard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2007 9:29 AM To: Richard M. Smith Cc: [email protected] Subject: Re: [funsec] RE: funsec Office 2007 has 0 security issues On Tue, 10 Apr 2007 09:05:22 EDT, "Richard M. Smith" said: > These 3 Word bugs are interesting, but I suspect they are not > exploitable in an Outlook email message because an email message is > HTML text and not a Word .DOC file. To find security problems in Word > that can be exploited from an Outlook email message instead requires fuzzing HTML. Not True. There's been *plenty* of evidence that "open attached file for details" is a highly successful way of deploying malware. If they'll go to the effort of saving an encrypted .zip file, then opening it with the provided password, they'll open a .doc file. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
