>This is the default option on Outlook, I believe. The default for Outlook is actually to use the Outlook editor and NOT the Word editor for all previous versions of Outlook (Outlook 2000 and Outlook 97). I doubt MS changed the default for Outlook XP as Outlook is supposed to be a standalone e-mail/PIM that doesn't require Word. Leonard -----Original Message----- From: Georgi Guninski [mailto:guninski@guninski.com] Sent: Thursday, April 04, 2002 2:49 AM To: Ben Schorr Cc: 'BUGTRAQ@SECURITYFOCUS.COM' Subject: Re: More Office XP problems Ben Schorr wrote: > Worth noting that this problem (the Outlook part anyhow) appears to actually > be a Word vulnerability in that it only affects people who use the WordMail > editor. People who use the default Outlook editor are apparently not > affected by the forward/reply vulnerability. > > http://www.slipstick.com for more info. > > That's not to suggest that it isn't a vulnerability that shouldn't be fixed > - just that there appears to be a fairly easy workaround and not all users > are affected to begin with. > This is the default option on Outlook, I believe. > To work-around this problem in Outlook go to Tools | Options | Mail Format > and uncheck the boxes for "Use Word to..." That will cause Outlook to use > it's own native editor for such things and shuts the window on this exploit. > While this will prevent the reply/forward issue, it won't help if one receives and opens .doc or .xls attachment with the bug, will it? That's why I suggest uninstalling/deleting as much buggyware as one can. Georgi Guninski http://www.guninski.com
