Outlook 2007 now uses Word 2007 for editing HTML email messages. There is no longer a standalone HTML editor in Outlook.
To view HTML email messages, Outlook 2007 still uses IE. I'm running IE7. However, I'm never seen any crashes from incoming messages. And yes, Outlook 2007 still uses IE's restricted zone for viewing HTML email messages. In addition, a bunch of other stuff gets turned off in IE such as IFRAMEs. Richard From: Larry Seltzer [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 26, 2008 12:24 PM To: Richard M. Smith; [email protected] Subject: RE: [funsec] Exploits deliveried by the clipboard? >>I'm seeing a good number of crashes in Outlook 2007 when editing email messages. Most of these crashes happen when pasting HTML text which is copied from a Web page into an HTML email message. Makes me wonder if these crashes can be used to run exploit code. Does HTML e-mail still run in the IE restricted zone in Outlook 2007? What IE and Windows version are you using? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ <http://blogs.pcmag.com/securitywatch/Contributing> Contributing Editor, PC Magazine [EMAIL PROTECTED]
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
