M$ vulnerability question
John (EBo) David
plug-discuss@lists.plug.phoenix.az.us
Wed, 13 Mar 2002 18:46:01 -0700
Craig White wrote:
>
> It's not a question of whether you would cause the executable to run by
> double clicking - it's a question of just merely 'previewing' the email
> would cause it to run. Microsoft built 'auto executing' (VBA) into all
> of their programs and that includes Outlook & Outlook Express which
> makes them especially vulnerable to email borne executables. Thus you
> don't have to be dumb enough to double click the file called Anna
> Kournikova.jpg.exe to infect your computer - just touching the email and
> clicking delete is enough to infect.
understand.
> This is indeed a security bulletin where the fix has been available for
> over a month and thus legit.
>
> It should be noted that it's not just emails but there is some malicious
> code embedded on web pages that can get you too...I believe that
> everyone is supposed to be at Mozilla .97 or higher (a keen eye towards
> Hans' earlier post).
yep...
> PS - it's the people you know and trust who are the most likely to send
> you an email borne virus - the first thing these MS targeted virus'
> attack is the addressbook.
true, but what I mean by trusted email attachments is I usually CALL to
confirm personally, and there are only two people I know that ever send
me attachments, so it can still happen but...
EBo --