Re: Preview Pane Pain

From: Brian Tillman (Tillman_at_sparkingwire.com)
Date: 02/25/04


Date: Wed, 25 Feb 2004 14:31:50 -0500

Ken Piper <kpiper@nospam.sfsu.edu> wrote:

> I've heard over and over that the reading pane (Preview Pane prior to
> 2003) is a security threat for code execution. I would love to see
> documentation for/against after patches. The Reading Pane in Outlook
> 2003 (that doesn't d/l pix/run code <allegedly>) might have addressed
> the issues, but I have seen no documentation.
>
> Anybody seen definitive info about this hole?

KB article 249972 (http://support.microsoft.com/?kbid=249972) states:

"Microsoft Outlook allows you to send HTML as the body of a mail message.
Outlook uses the full version of Internet Explorer to render this HTML.
However, Outlook imposes additional levels of security to protect end users
from potential HTML-based malicious code, or viruses. In addition, if the
Outlook 2000 E-mail Security Update is applied, all HTML-based message
active content is automatically disabled."

KB article 262701 (http://support.microsoft.com/?kbid=262701) contains quite
a bit of detail on what's available in a message and what's not.

-- 
Brian Tillman
Smiths Aerospace
3290 Patterson Ave. SE, MS 1B3
Grand Rapids, MI 49512-1991
Brian.Tillman is the name, smiths-aerospace.com is the domain.
I don't speak for Smiths, and Smiths doesn't speak for me.

