Vulnerability Development mailing list archives
Re: IE 5 'feature'?
From: Su Wadlow <swadlow () UTDALLAS EDU>
Date: Sun, 1 Oct 2000 14:47:29 -0500
--On Friday, September 29, 2000 12:00 PM -0400 White Vampire <whitevampire () MINDLESS COM> wrote:
On Thu, Sep 28, 2000 at 09:01:33PM -0300, MindSuck(mindsuck () USA NET) wrote:They just use it to keep a more updated user databaseJust. This definitely raises some interesting questions.
I'm not so sure it's used for an updated user database. I do lots and lots of IE updates, and every version that I've dealt with -- 5.0, 5.01, 5.01 SP1, and now 5.5 -- sends you to this page the first time you start IE after updating. As the original poster pointed out, the URL redirects to someplace on msn.com, which, IIRC, prompts you to sign up with MSN and maybe Hotmail (it's been a *long* time since I've actually paid attention to what that page says). Oddly enough, my Windows 95 system has the 'homepage.inf' file in c:\windows\system as noted by the original poster, even though I don't have IE installed; the registry key he mentioned is *not* set, however. I think the .inf file was put there by the Office 2000 installer, which really, really wants to install IE and Outlook Express, even if you tell it not to (I've often removed OE from the default Win98 install on a brand new machine, then installed Office, only to have OE return and have to be removed again). I wouldn't be surprised to find out that this is just something generally placed in the %system% directory by the MS installer. Looking in the IE directory on my Office 2000 CD, and I'd have to surmise that the 'homepage.inf' file is installed from one of the CABs, as it's not directly visible there. Now, this file in and of itself probably isn't notable. But what might be interesting is whether the mechanism by which this file is put in the %system% directory and then used to write the FirstHomePage registry entry could be used to direct someone to a website that's, um, shall we say, not so friendly. -- Su Wadlow swadlow () utdallas edu If I have to explain, you wouldn't understand . . . . :-)
Current thread:
- Re: IE 5 'feature'? Su Wadlow (Oct 02)