Bugtraq mailing list archives
Re: IE Domain Confusion Vulnerability doesn't matter much
From: rms2000 () BELLATLANTIC NET (Richard M. Smith)
Date: Mon, 15 May 2000 08:12:39 -0400
Marc,
That is why you are supposed to configure outlook to use a restricted security zone for reading mail that doesn't allow any "active scripting languages", etc.
Actually the Restricted Sites Zone still has Active Scripting turned on. This zone only disables ActiveX controls and Java applets by default. To make Outlook and Outlook Express safe from IE security holes requires Active Scripting to be turned off manually. I put instructions on my Web site last summer that goes through the entire procedure: http://www.tiac.net/users/smiths/acctroj/oe.htm Richard
Current thread:
- »Ø¸´: Re: non-exec stac, (continued)
- »Ø¸´: Re: non-exec stac ZhaoQian (May 10)
- Alert: IIS ism.dll exposes file contents Cerberus Security Team (May 11)
- ISSalert: Internet Security Systems Security Advisory: Microsoft IIS Remote Denial of Service Attack Warren Barrow (May 11)
- Remote DoS attack in Internet Information Server 4.0 & 5.0 "Malformed Extension Data in URL" Vulnerability Ussr Labs (May 11)
- Microsoft Security Bulletin (MS00-030) Microsoft Product Security (May 11)
- IE Domain Confusion Vulnerability Foo Bar (May 11)
- Overflow in Outlook Express 4.* - too long filenames with graphic format extension Ultor (May 12)
- Eudora Sensitive to Long Filenames Ron Moritz (May 18)
- IE Domain Confusion Vulnerability is an Email problem also Richard M. Smith (May 12)
- Re: IE Domain Confusion Vulnerability doesn't matter much Marc Slemko (May 12)
- Re: IE Domain Confusion Vulnerability doesn't matter much Richard M. Smith (May 15)
- Vulnerability in CGI counter 4.0.7 by George Burgyan Howard M. Kash III (May 15)
- Vulnerability in EMURL-based e-mail providers Pierre Benoit (May 15)
- New Solaris root exploit for /usr/lib/lp/bin/netpr Anonymous (May 12)
- Microsoft Security Bulletin (MS00-034) Microsoft Product Security (May 12)
- Microsoft Office 2000 Advisory dildog (May 12)