Outlook “letterbomb” exploit could auto-open attacks in e-mail

Posted on Posted in Uncategorised

Fixed by Microsoft’s latest patches, bug could be “enterprise killer,” says researcher.

Haifei also suggested making registry setting changes with an “Office kill-bit” to block Flash content from automatically opening via OLE

By blocking the CLSID D27CDB6E-AE6D-11cf-96B8-444553540000 with Windows Registry Editor:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}]”Compatibility Flags”=dword:00000400

Changing this setting will prevent OLE-embedded Flash exploits within other Office documents from being executed as well.

Source: Outlook “letterbomb” exploit could auto-open attacks in e-mail