30 Apr 2008 05:09
RE: Cross-Site scripting
Wayne S. Anderson <wfrazee <at> wynweb.net>
2008-04-30 03:09:34 GMT
2008-04-30 03:09:34 GMT
Several vulnerabilities that have to do with URL processing and some methods of presenting file locations but I don't see anything that is specifically cross site scripting. Remember that there are some significant limitations on script execution in the outlook HTML environment. That's not to say that it cant be done or is impossible or any such criminally stupid pronouncement on that order however I have yet to find significant trusted evidence of it in any of the vulnerability databases I referenced. -W Wayne S. Anderson -----Original Message----- From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of roy_porras <at> yahoo.com Sent: Saturday, April 26, 2008 8:07 AM To: focus-ms <at> securityfocus.com Subject: Cross-Site scripting Does anyone know of any incidents involving cross-site scripting and Microsoft Outlook 2003 or 2007? Does the change within Outlook 2007 and it's HTML rendering engine support still leave clients susceptible to this attack? R4
RSS Feed