Bugtraq mailing list archives

Minor IE issue


From: "KRUSE PETER, Teliadk" <PKR () Telia DK>
Date: Fri, 7 Dec 2001 12:17:42 +0100

Hello Bugtraqers,

There is a minor issue related to the Microsoft security bulletin MS01-20
(Incorrect MIME Header Can Cause IE to Execute E-mail Attachment) released by
Microsoft. The weakness is exploited by several internet worms. 

This advisory should be read if you're a system administrator or private
user, and you're planning to update IE to the latest edition.

The problem appears when you're updating an unpatched version of IE to
version 6.0. The problem is really not the patch, but the way you update
from a vulnerable IE, to the latest IE6.0. 

If you choose to update a vulnerable version of IE5.1 or IE5.5 SP1, with the
latest version of IE6.0 using the minimal installation option, then the
weakness described in MS01-20 will affect IE6.0 as well. This is very likely
because the affected files (described in MS01-20) are not being updated with
a minimal installation of IE6.0. This would also explain why some
administrators have reported that their IE6.0 is vulnerable to the Iframe
exploit used by Nimda and Badtrans-B. 

This minor issue has been confirmed by Microsoft. Microsoft fairly points
out that this is NOT the default installation for IE 6.0. This has been
noted, and as stated earlier, this is a minor issue.
    
Med venlig hilsen / Kind regards

Peter Kruse
Security & Virusresearch
Telia Telecom A/S
Søren Frichsvej 34C - DK 8230 Åbyhøj
Email: pkr () telia dk - Mobil: +45 2827 9785

