bluebsh Posted February 9, 2004

> Disabling the preview pane and being careful with what attachments you open is enough, contrary to what some people would like others to believe. A good, updated antivirus is nowadays also essential.
> Pocomail may be a good e-mail client, but it sure is ugly and cluttered.

Correct, the preview pane is the biggest problem in security with HTML emails; that is why people should read in plain text. This disables the rendering of HTML in Outlook Express. That security bulletin that Mxxcon showed has nothing to do with the actual downloading and receiving of emails like he stated, but more of when you click on an email and it is rendered in the preview pane or opened in a separate email window, which causes the HTML rendering to occur, thus causing the problem in the security bulletin he stated...
bluebsh Posted February 9, 2004

Even more for you to digest, mxxcon:

> Popup Object Exploit vulnerability
> Why is this type of content dangerous? This particular example allows local files to be automatically executed, regardless of the security settings on the target machine. It can be dangerous to open an email that uses this particular method because it runs on any computer that has an unpatched version of Internet Explorer 6.

Keyword there is OPEN, not receive.
bluebsh Posted February 9, 2004

Man, what the heck ever happened to the edit post button... anyways... even more information... man, I love shutting down people that think they know it all....

> Would IE always execute the attachment?
> No. IE would only execute the attachment if File Downloads were enabled in the Security Zone that the e-mail was opened in. However, File Downloads are enabled in all zones by default.

Did you even read the security bulletin, mxxcon? "that the e-mail was opened in": now that sounds a lot like preprocessing email to me, doesn't it? :rolleyes: Mainly since nothing is able to be executed as an email is downloaded, because the OE download subsystem doesn't even reference the rendering of HTML documents at all. How do I know this? Just spent 2 hours looking into OE's objects and their references into MSHTML.dll.... all just for you...
Jebadiah Posted February 9, 2004

Haah. Use netscape features to block the size of the emails. It's the best I can see right now, or mozilla :happy: and plus u get netscape imap account for free. What else do u need??????????
Jebadiah Posted February 9, 2004

Also, I would like to add that OE opens the first email that is in your folder (let it be any folder) which could, perhaps, be a virus or something.
bluebsh Posted February 9, 2004

> Also, i would like to add that OE opens the first email that is in your folder (let it be any folder) which could, perhaps, be a virus or something.

It doesn't open it if your preview pane is off.
xxdesmus Posted February 9, 2004

No way.... I hate to admit it, but MS did something really right with Outlook 2003... it would take a freakin miracle to make me switch to anything else ;)
MxxCon Posted February 10, 2004

bluebsh get your ass to read http://www.securityfocus.com/archive/1/70712

In case you have problems reading, let me quote it here:

> The vulnerability could enable a malicious sender of an e-mail message with a malformed header to cause and exploit a buffer overrun on a user's machine. The buffer overrun could crash Outlook Express, Outlook e-mail client, or cause arbitrary code to run on the user's machine.
> The danger in this vulnerability is that the buffer overrun would occur even if the user does not open or preview the e-mail message. This is because the buffer overrun occurs and the vulnerability is triggered during the process of downloading the e-mail message from server to client. It is unlikely that a user will be able to delete the malicious message from the client.
manroweb Posted February 10, 2004

> bluebsh get your ass to read http://www.securityfocus.com/archive/1/70712
> in case you have problems reading, me he quote it here

Another tick for mozilla thunderbird
Another cross for OE
mipra Posted February 10, 2004

Hmm... There is a point in MxxCon. However, so far I haven't got anything like that, nor any issue that u mentioned up there. The fact is, I receive more than 50 e-mail messages every day.... not to include another 50 spams.