[24969] in bugtraq
Re: More Office XP problems
daemon@ATHENA.MIT.EDU (Georgi Guninski)
Thu Apr 4 11:51:20 2002
Message-ID: <3CAC2FA7.6050005@guninski.com>
Date: Thu, 04 Apr 2002 13:49:11 +0300
From: Georgi Guninski <guninski@guninski.com>
Reply-To: guninski@guninski.com
MIME-Version: 1.0
To: Ben Schorr <bms@hawaiilawyer.com>
Cc: "'BUGTRAQ@SECURITYFOCUS.COM'" <BUGTRAQ@securityfocus.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Ben Schorr wrote:
> Worth noting that this problem (the Outlook part anyhow) appears to actually
> be a Word vulnerability in that it only affects people who use the WordMail
> editor. People who use the default Outlook editor are apparently not
> affected by the forward/reply vulnerability.
>
> http://www.slipstick.com for more info.
>
> That's not to suggest that it isn't a vulnerability that shouldn't be fixed
> - just that there appears to be a fairly easy workaround and not all users
> are affected to begin with.
>
This is the default option on Outlook, I believe.
> To work-around this problem in Outlook go to Tools | Options | Mail Format
> and uncheck the boxes for "Use Word to..." That will cause Outlook to use
> it's own native editor for such things and shuts the window on this exploit.
>
While this will prevent the reply/forward issue, it won't help if one
receives and opens .doc or .xls attachment with the bug, will it?
That's why I suggest uninstalling/deleting as much buggyware as one can.
Georgi Guninski
http://www.guninski.com
