Ani cursor exploits against Microsoft E-mail clients - CVE-2007-0038
A short overview of how the different email clients (those on Microsoft's supported list) react to the animated cursor vulnerability (CVE-2007-0038, previously also CVE-2007-1765), depending on the actions taken and the settings of the email client.
The surprising element is that "read in plain text" mode makes some of the clients more vulnerable and, for this vulnerability, actually only offers real added value for Outlook 2003.
| | Default Settings | Read in plain text mode | Reply/Forward with "Read in Plain Text" set |
|---|---|---|---|
| Windows XP Outlook Express preview | Vulnerable(*) | Vulnerable | Vulnerable |
| Windows XP Outlook Express open | Vulnerable(*) | Vulnerable | Vulnerable |
| Vista Mail preview | Vulnerable | Vulnerable | |
| Vista Mail open | Vulnerable | Vulnerable | |
| Outlook 2003 preview | Vulnerable | | |
| Outlook 2003 open | Vulnerable | | |
| Outlook 2007 preview | | | |
| Outlook 2007 open | | | |

(*) It does interact with the user before being vulnerable, but we all know what typical users would do.
--
Swa Frantzen -- NET2S