Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Outlook Bug Doesn't Require Users To Interact With Emails To Be Compromised (softpedia.com)

Posted by timothy on from the just-positioned dept.

An anonymous reader writes: A new bug in Outlook allows attackers only to send you an email, and without clicking or downloading attachments, a user's computer can be compromised. The bug [PDF] is because Outlook allows Flash objects to be previewed without a sandbox. Flash files are demon spawns and attackers can put exploits in malicious files, which when previewed or viewed inside an Outlook application will automatically execute their payload.

6 of 102 comments (clear)

  1. Re:Doesn't seem like anything new by lucm · · Score: 4, Funny

    my copy of Outlook doesn't download or render attachments (or even images) unless told to

    That's why Lotus Notes is so amazing. Even when you tell it to, it doesn't download or render things. Security by mediocrity.

    --
    lucm, indeed.
  2. Re:Seems like Microsoft don't learn from mistakes by Zontar+The+Mindless · · Score: 4, Funny

    This is what happens when companies require their workers to delete mails that are over 6 months old.

    --
    Il n'y a pas de Planet B.
  3. Re: Ok. by Anonymous Coward · · Score: 3, Funny

    Not really. The proposed new name is LookOut!

  4. Re:Seems like Microsoft don't learn from mistakes by jbengt · · Score: 4, Funny

    I ran into that a decade ago when my client needed to get me some data. But fortunately the company let their corporate secrets be written to a CD, instead.

  5. Re:Ok. by penguinoid · · Score: 4, Funny

    Well, the fortune cookie did say "Outlook not so good".

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  6. wish fulfilled by frovingslosh · · Score: 1, Funny

    The only reason that I use Outlook is that I want to be compromised.

    --
    I'm an American. I love this country and the freedoms that we used to have.