Re: E-mail Security



Don Kelloway wrote:

It's obvious that you are not familiar with Outlook because it does not
display any inline preview of images for messages that are composed in HTML.

It display an inline preview for simply image attachments. No need to
involve any HTML.

And like IE when it is properly configured, nor Outlook is susceptible to
the MIME issue you speak of.

Bah, you'd wish. Microsoft is only blacklisting some already exploitet
MIME type combinations, and on WinSrv03 they actually turned that into a
Group Policy. It was never fixed and actually the interaction with
Shell32::ShellExecute MIME handling makes things even worse.

As a test case:
Name: blah.gif Type: image/gif Content: WMF
.