Hello Marck D Pearlstone, on Sat, 15 Nov 2003 22:11:46 +0000 (2003-11-15 23:11:46 in .nl) in the message with reference <mid:[EMAIL PROTECTED]> you wrote (at least in part):
MDP> TB macros are only executed when TB evaluates a template. Got that. MDP> If you have a template that refers to macros in a disk file in your MDP> attachments folder then conceivably someone could send you a MDP> malicious macro and the very next time you evoke a template (for a MDP> reply, auto-responder, new message, confirmation or forward) it MDP> could execute the malicious code. So, conclusion: don't use an attachment folder to store attachments?! I don't use an attachment folder, hence the question below: If one uses an attachment folder, and some file containing macro exists in there. Then you receive another email with an attachment using the same name as the macro-file, will it be over-written without asking to do so? Then that's a security risk! BTW: my macros / templates are stored elsewhere. MDP> BUT!!! MDP> 1) The person sending you the code would have to know the name of MDP> the file you use. Ya, numerous MS exploits work that way. MDP> 2) You would have to have had your brain removed to write such a MDP> template that calls upon a file in the attachments folder in the MDP> first place - and then *told* someone about it! Seems you'r not aware how an 'average' Windows user is willing to share information. 'long time' TB users seem to be aware of things that most M$ users are not, don't simply assume everyone is aware. MDP> No, this is so far beyond the realms of possibility that it's not MDP> worth thinking about, let alone losing sleep over. See above. It is worth talking about it to those who expect M$-based programs will organise it for them! -- Kind regards, Peter Ouwehand E: [EMAIL PROTECTED] - - - Created the above using A program which insists to be : The Bat! V2.01.26 An OS which insists to be : Windows 2000 5.0 Build 2195 Service Pack 4 ________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
