Bugtraq mailing list archives
Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")
From: pre <pre () geekgang co uk>
Date: Tue, 29 Jul 2003 09:53:40 +0100 (BST)
(replying to two postings in one reply)

Quoting Stephen Cope <mail () nonsense kimihia org nz>:

> This has been its /modus operandi/ for over four years:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;239750
> Microsoft Knowledge Base Article - 239750
> "Text/Plain" Content-Type Header Field Is Ignored

That article is at best out of date. It doesn't list any products past NT4 or IE5, when in fact everything after NT4 and IE5 is still vulnerable, including a fully patched XP and IE6. I tested the registry entry mentioned in that article and it has no effect on XP/IE6. I'm not convinced they are even trying to address the same issue with that particular 'fix'.

I've put up a page at the following URL you can use to test your browser:
http://www.geekgang.co.uk/test/ietest.php

On Mon, 2003-07-28 at 09:00, Fabio Pietrosanti (naif) wrote:

> MIME Type Detection in Internet Explorer explained here:
> http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp

Yes, it is explained there, but that doesn't excuse MS refusing to fix this security hole. They should at a minimum ship their OS's in a secure state - and at the very very least provide an option for turning this off. As noted above, this has been known for four years - so much for the MS Secure Computing Initiative - it's laughable.

cheers,
pre.