Lincoln Yeoh wrote: > > And if Microsoft Word becomes very intertwined with IE (word uses IE to > fetch stuff) then word documents with image/object links will also be an > issue. Mix well and add a few macros to taste ;). > While MS is the big wide target, it isn't just them that need to worry. 1) Many other pieces of software, including mail clients, use the mshtml.dll library and can inherit any security bugs. I seem to fuzzily remember Eudora mail and Novell GroupWise client allowing JavaScript popups and probably being vulnerable to a whole host of vulnerabilities. Luckily most vulnerabilities are targeted at Outlook and OE but could be recoded to use other email clients. 2) Other environments that provide tight integration of components (I'm thinking of KDE/Konqueror since I am a user of it) may also be vulnerable to these issues. I don't really know how other environments/object models deal with these issues, it would be nice to hear from the various development teams/companies and how they have dealt with these issues. -- Mark Tinberg <MTinbergat_private> Network Security Engineer SecurePipe, Inc. -- Managed Network Security Services Remember: Wherever you go, there you are!
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 13:59:24 PDT