Re: If you miss gif support in Microsoft Office 2007 Outlook, plz

  • Thread starter TW9udGUgRmlzaGVy
  • Start date Views 985
Status
Not open for further replies.
T

TW9udGUgRmlzaGVy

Uh, that link describes a vulnerability that M$ apparently fixed, so why
remove a feature in Outlook based on that? If there's a site out there
explaining that animated gifs are a current vulnerability in emails, in a
manner that cannot be protected against and is not caught by antivirus
programs, that would be helpful in this thread -- however, none of these MVP
responses was....

"Patrick Schmid [MVP]" wrote:

> That images can be a security thread should be known after
> http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
>


 

Brian Tillman

Senior Member
"Monte Fisher" <MonteFisher> wrote in message
news:2BC14868-45F3-4EA6-A229-4C5AD082D269@microsoft.com...

> Uh, that link describes a vulnerability that M$ apparently fixed, so why
> remove a feature in Outlook based on that? If there's a site out there
> explaining that animated gifs are a current vulnerability in emails, in a
> manner that cannot be protected against and is not caught by antivirus
> programs, that would be helpful in this thread -- however, none of these MVP
> responses was....


From what I can find, most vulnerabilities caused by animated gifs are
actually vulnerabilities in the viewers, but here's one that's not:
http://www.iss.net/threats/Animated GIF.html . I think it's fairly typical
for a software developer to fix vulnerabilities by removing the source of the
vulnerability (ban animation) rather than find a way to accommodate it (fix
the buffer overflow problems).

 
T

TW9udGUgRmlzaGVy

Again, that's seems to be a minimal problem (my non-M$ spam filter works
wonderfully) that doesn't warrant killing a feature irrevocably -- as
mentioned above in this thread, why not just have gif-friendliness turned off
by default, but allow the user to override?

But the bottom line is, they've done it and it'll never be reversed (because
M$ has 2000 programmers working full time to develop more and more and more
canned styles for Word, rather than make formatting user-friendly.......)....

Thanks for the civil reply!

(I do understand styles, and have lots of customized ones, but very very few
people go to the effort of learning how to use styles, because they're so
bizarre....)

"Brian Tillman " wrote:

> From what I can find, most vulnerabilities caused by animated gifs are
> actually vulnerabilities in the viewers, but here's one that's not:
> http://www.iss.net/threats/Animated GIF.html . I think it's fairly typical
> for a software developer to fix vulnerabilities by removing the source of the
> vulnerability (ban animation) rather than find a way to accommodate it (fix
> the buffer overflow problems).


 
T

TW9udGUgRmlzaGVy

This is obviously moot because nothing's going to change, this being M$ we're
talking about.

Nevertheless: (1) that link's a spam vulnerability, not a system threat (and
it's from 2006, I receive several hundred spams a day, and I've never seen
such a spam that's gotten past my spam filter); and (2) the fact that it's
"typical," alas, does not mean it's reasonable or beneficial to customers,
and IMO this is neither....

"Brian Tillman " wrote:

> From what I can find, most vulnerabilities caused by animated gifs are
> actually vulnerabilities in the viewers, but here's one that's not:
> http://www.iss.net/threats/Animated GIF.html . I think it's fairly typical
> for a software developer to fix vulnerabilities by removing the source of the
> vulnerability (ban animation) rather than find a way to accommodate it (fix
> the buffer overflow problems).
> >

>
>

 
Status
Not open for further replies.

Similar threads

Top