[24987] in bugtraq
RE: More Office XP problems
daemon@ATHENA.MIT.EDU (Paul Schmehl)
Fri Apr 5 19:42:43 2002
Date: Fri, 05 Apr 2002 17:35:36 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: Leonard Chung <leonardc@cs.berkeley.edu>, guninski@guninski.com,
Ben Schorr <bms@hawaiilawyer.com>
Cc: "'BUGTRAQ@SECURITYFOCUS.COM'" <BUGTRAQ@securityfocus.com>
Message-ID: <105797268.1018028136@pc47794.campus.ad.utdallas.edu>
In-Reply-To: <HHEKIBIGHICPGLHFMKKJKENGCNAA.leonardc@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
The default editor for Outlook XP (2002) is Word *if*
Office is installed. (I don't know if it is if Office
isn't installed.) Default "sending type" is RTF.
{{shudder}}
--On Thursday, April 04, 2002 10:53 PM -0800 Leonard Chung
<leonardc@cs.berkeley.edu> wrote:
>> This is the default option on Outlook, I believe.
>
> The default for Outlook is actually to use the Outlook
> editor and NOT the Word editor for all previous versions
> of Outlook (Outlook 2000 and Outlook 97).
>
> I doubt MS changed the default for Outlook XP as Outlook
> is supposed to be a standalone e-mail/PIM that doesn't
> require Word.
>
> Leonard
>
> -----Original Message-----
> From: Georgi Guninski [mailto:guninski@guninski.com]
> Sent: Thursday, April 04, 2002 2:49 AM
> To: Ben Schorr
> Cc: 'BUGTRAQ@SECURITYFOCUS.COM'
> Subject: Re: More Office XP problems
>
> Ben Schorr wrote:
>> Worth noting that this problem (the Outlook part anyhow)
>> appears to
> actually
>> be a Word vulnerability in that it only affects people
>> who use the
> WordMail
>> editor. People who use the default Outlook editor are
>> apparently not affected by the forward/reply
>> vulnerability.
>>
>> http://www.slipstick.com for more info.
>>
>> That's not to suggest that it isn't a vulnerability that
>> shouldn't be
> fixed
>> - just that there appears to be a fairly easy workaround
>> and not all users are affected to begin with.
>>
>
> This is the default option on Outlook, I believe.
>
>
>> To work-around this problem in Outlook go to Tools |
>> Options | Mail Format and uncheck the boxes for "Use
>> Word to..." That will cause Outlook to use it's own
>> native editor for such things and shuts the window on
>> this
> exploit.
>>
>
> While this will prevent the reply/forward issue, it won't
> help if one receives and opens .doc or .xls attachment
> with the bug, will it?
>
> That's why I suggest uninstalling/deleting as much
> buggyware as one can.
>
> Georgi Guninski
> http://www.guninski.com
>
>
>
Paul Schmehl (pauls@utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
