We're so back.
"CVSS 9.8 allows a remote attacker to execute code on a target system by sending a specially crafted mail to an affected system with Outlook... previewing an attachment could trigger the code execution. The specific flaw exists within the parsing of RTF files"
+bonifartius 𒂼𒄄
@sj oh i forgot one can embed almost everything in there. i only remember how text is formatted and that's not too crazy.
@bonifartius I think it's the integration with OLE and the world of other MS/windows junk that can be pulled in, right at the border of "just used enough MS can't just turn it off by default" and "too old to get a lot of attention"