NewsGator and Security
February 28th, 2003 by gregr
There have been a couple of posts (here and here) talking about alleged security vulnerabilities in NewsGator and other news aggregators. The first post supposedly describes a way to have a news post contain an Outlook “virus” that will send an email to people in your address book; the second shows a RSS file containing script which could be annoying or malicious to a user.
I have posted a response for our customers on the NewsGator News and Updates page; the gist of this is that for the first problem to actually be a problem, you would have to manually edit your Internet Explorer security settings to loosen the restrictions.
For the second problem, OL2002 is not vulnerable at all by default. OL2000 will actually execute the script, just as with HTML email messages, but this is easy to disable (and should indeed be disabled in most cases).
This entry was posted on Friday, February 28th, 2003 at 4:37 pm and is filed under newsgator. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
February 28th, 2003 at 7:29 pm
Not to mention that you’d have to be pretty bold and/or stupid to stick malicious script in your rss feed.