Re: Ten least secure programs

From: Ansgar Wiechers <bugtraq(at)planetcobalt.net>
Date: Fri Jul 04 2003 - 04:39:25 EDT

On 2003-07-02 SMiller@unimin.com wrote:
> For my money, it is difficult to separate IE and Windows, at least for

Which exactly is the problem.

> Also, if Outlook is near the top of the list, doesn't Exchange demand

No. There have been few exploitable bugs in Exchange (at least AFAIK).

> Should a distinction be made between Outlook and Outlook Express?

With respect to this thread's topic: no. Both programs use IE as a component for rendering HTML, so each bug in IE directly affects Outlook and Outlook Express.

> Also, we had looked at Pegasus mail as an Outlook Express alternative

No. AFAIK Pegasus uses a rendering engine of its own for displaying HTML mail, and it can be configured to not displaying HTML (at least those versions I looked at). Outlook Express prior to verion 6 does not allow to suppress HTML rendering.
Of course if your users decide to open hot_girls.jpg.vbs from within the mail, Pegasus won't stop them, nor will virtually any other mail client I know of.

Regards
Ansgar Wiechers

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

Received on Fri Jul 4 14:02:45 2003