Path: news.net.uni-c.dk!logbridge.uoregon.edu!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!enews1 From: "Terry Austin" Newsgroups: comp.lang.basic.visual.database,comp.lang.basic.visual.misc,comp.lang.beta,comp.lang.c Subject: Re: WARNING! My OE removed the attachment as being unsafe Date: Wed, 6 Mar 2002 14:13:17 -0800 Organization: http://extra.newsguy.com Lines: 31 Message-ID: References: <3C8435F2.4ED2879A@attglobal.net> <3c851cb0_2@news.iprimus.com.au> <3c853c75.13087585@news1.rdc1.nsw.optushome.com.au> <3c85f48c_1@news.iprimus.com.au> <3c8688fd_1@news.iprimus.com.au> NNTP-Posting-Host: p-328.newsdawg.com X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Xref: news.net.uni-c.dk comp.lang.basic.visual.database:119692 comp.lang.basic.visual.misc:516636 comp.lang.beta:13153 comp.lang.c:585162 "Steve Austin" wrote in message news:3c8688fd_1@news.iprimus.com.au... > > Oh, it has some unique vulnerabilities. I don't know of any other email > > client that can be infected with a virus while a message is _downloading_. > > Proof? Please provide an URL of a documented case. http://www.ussrback.com/labs50.html > > > And it's the scripting host you need disabled, not JavaScript (though that > > should be disabled, too, for different reasons). > > That's what I meant (all scripting in general). Each of which is a separate setting, of course (which isn't necessarily bad, but it a pain in the ass when you want to turn stuff *off*). And the scripting host is a *real* pain in the ass, because a number of various vulnerabilities are buffer overflows that allow scripting to be run even if it's turned off for OE/Outlook. But that's what patches are for. Terry Austin > > >