Last Updated: 2007-03-30 21:38:53 UTC
by Swa Frantzen (Version: 2)
A short overview of how the different email clients on Microsoft's supported list react to the animated cursor vulnerability (CVE-2007-0038, previously also CVE-2007-1765), depending on the actions and settings of the email client.
The surprising element is that "read in plain text" mode makes some of the clients more vulnerable and, for this vulnerability, offers real added value only for Outlook 2003.
|Default Settings||Read in plain text mode||"Read in Plain Text" set|
|Windows XP Outlook Express preview
|Windows XP Outlook Express open||Vulnerable(*)||Vulnerable||Vulnerable|
|Vista Mail preview||Vulnerable||Vulnerable|
|Vista Mail open||Vulnerable||Vulnerable|
|Outlook 2003 preview||Vulnerable|
|Outlook 2003 open||Vulnerable|
|Outlook 2007 preview|
|Outlook 2007 open|
(*) It does interact with the user before being vulnerable, but we all know what typical users would do.
Swa Frantzen -- NET2S