Attachments run in OE without opening?

Brian Henry

Some people state that according to security bulletin MS01-020 that you do
not even have to open an email you received to have its code execute.
MS01-020 does not state that anywhere but that pages that are rendered in
HTML with the improper MIME tags are vulnerable to this unattended
execution... does anyone know anything about this supposed attachments can
be executed without opening the email message or ever clicking on it claim?
From what I know about OE processing mail it does not "render" anything
until you click on the email and open it or use it in the viewing pane..
Thanks
 
-----Original Message-----
Some people state that according to security bulletin MS01-020 that you do
not even have to open an email you received to have its code execute.
MS01-020 does not state that anywhere but that pages that are rendered in
HTML with the improper MIME tags are vulnerable to this unattended
execution... does anyone know anything about this supposed attachments can
be executed without opening the email message or ever clicking on it claim?
From what I know about OE processing mail it does not "render" anything
until you click on the email and open it or use it in the viewing pane..
Thanks


Opening attachments in e/mail is an outdated way to
spread viruses. Yes, e/mail or web pages in HTML format can
execute a virus code to your system without you doing
anything. That is why some configure their e/mail program
to receive text e/mail only. However a good up to date
anti-virus program should be able to pick this up as it
is being downloaded from your server.
 
No, I'm talking without even touching the email, like having viruses
executed.. not things like VBS scripts and such embedded into the email, but
as the email is received and stored into the OE database a virus is
executed... Is that possible? Some people think that MS security bulletin
makes that possible.
 
My understanding is that if the Preview Pane is being used (View
menu/Layout/Show Preview Pane), and an HTML message is showing in the
Preview Pane, it's the equivalent of opening that message, and if it
contains any malicious scripts, etc., they'll be activated. As for
downloaded messages that aren't in the Preview Pane, and haven't been
opened, I haven't heard of any infections from those. I use a mail monitor
that polls the mail server and only downloads the headers of the messages.
I Quick Delete anything unsolicited, before actually downloading the actual
messages. If I'm unsure, I double click the header, and it downloads and
opens as text in a Notepad window (text format won't infect a system). If
you're interested in a free mail monitor, you can get Magic Mail Monitor at:

http://mmm3.sourceforge.net/
 
Brian said:
Some people state that according to security bulletin MS01-020 that you do
not even have to open an email you received to have its code execute.
MS01-020 does not state that anywhere but that pages that are rendered in
HTML with the improper MIME tags are vulnerable to this unattended
execution... does anyone know anything about this supposed attachments can
be executed without opening the email message or ever clicking on it claim?

It can happen. For safety in OE set it to 'read all as plain text'.
Then if there is an HTML message you are happy about, you can turn that
off while you read it
 
Alex Nichol said:
claim?

It can happen. For safety in OE set it to 'read all as plain text'.
Then if there is an HTML message you are happy about, you can turn that
off while you read it

What can happen?
Code will be executed without opening an email or even clicking on it?
How is reading in plain text going to help if the code is going to run
without opening the email?
 
