6178RE: [NTO] Outlook Express Folders
- Jan 8, 2005Jason, I'm showing my dated-ness.
It's been awhile since I've worked on Outlook, or worked at all, actually.
At the time, Outlook itself wasn't targeted. I guess before I wrote, I
should have checked current capabilities, knowing how smart these children
Thanks for correcting me. :)
From: Jason W. [mailto:jwellband@...]
Sent: 08 January, 2005 15.20
Subject: Re: [NTO] Outlook Express Folders
If the user is using an older version of Outlook (say 2000 or 2002) OR
they click Yes to the security prompt (which most will do), a script
could read every object in a user's PST file. It's actually quite
simple to do with VBScript and COM. The chance of getting a virus is
roughly the same with Outlook as it is with Outlook Express since both
have the same core set of HTML rendering vulnerabilities - meaning
attachments can be run without the user's permission and files can be
downloaded from remote websites and ran without being OK'ed.
HTH, YMMV, HANW :)
- << Previous post in topic Next post in topic >>