Focus on Microsoft
Cross-Site scripting Apr 26 2008 02:07PM
roy_porras yahoo com (1 replies)
RE: Cross-Site scripting Apr 30 2008 03:09AM
Wayne S. Anderson (wfrazee wynweb net)
Several vulnerabilities that have to do with URL processing and some methods
of presenting file locations but I don't see anything that is specifically
cross site scripting. Remember that there are some significant limitations
on script execution in the outlook HTML environment.

That's not to say that it cant be done or is impossible or any such
criminally stupid pronouncement on that order however I have yet to find
significant trusted evidence of it in any of the vulnerability databases I
referenced.

-W

Wayne S. Anderson

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of roy_porras (at) yahoo (dot) com [email concealed]
Sent: Saturday, April 26, 2008 8:07 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Cross-Site scripting

Does anyone know of any incidents involving cross-site scripting and
Microsoft Outlook 2003 or 2007? Does the change within Outlook 2007 and
it's HTML rendering engine support still leave clients susceptible to this
attack?

R4

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus