I almost laughed when I saw this vulnerability alert. The company who owns Lan-Aces Office Logic (which I’ve never even heard of, so I don’t think this is a wide spread security vulnerability) has 24 hours to make contact with Mike@chtechnology.com before he releases what appears to be some sort of script injection (sounds like XSS running on the machine, so it has access to the drive).

Of course this is a theory, and the details are vague, but as of tomorrow he’ll release his code to the world. Here’s his post:

Does anyone use this email client? I have to say It would be in your best intrest to turn off html messages until I speak with tech support at Lan-Aces. If they do not respond within 24 hours I will post a huge security bypass exploit that works for all html & scripting blocking mechanisim. With this said….

These types of vulnerabilies are really nasty, but given that I’ve never even heard of the mail client, I doubt it’s that bad. If you’re running Lan-Aces Office Logic, or know someone who is, let them know.

This entry was posted on Friday, July 28th, 2006 at 2:47 pm and is filed under General News. You can leave a response as well.