> Since RTF files are opened and rendered automatically by Outlook Express and > Internet Explorer, this is remotely exploitable through mail and web. There are still unfixed buffer overflows (i.e. an <a href=""> overflow, http://securenetwork.it/szanero/bug-oe-2.htm) that can be remotely triggered to crash outlook express, so this is not really something new. It simply seems that if a bug does not allow remote code execution, it is not something worth MS attention. Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys
