> Since RTF files are opened and rendered automatically by Outlook Express
and
> Internet Explorer, this is remotely exploitable through mail and web.

There are still unfixed buffer overflows (i.e. an <a href=""> overflow,
http://securenetwork.it/szanero/bug-oe-2.htm) that can be remotely triggered
to crash outlook express, so this is not really something new.

It simply seems that if a bug does not allow remote code execution, it is
not something worth MS attention.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys

[ reply ]