Bugtraq mailing list archives

Re: Alert: IE 4.0 Security Zone compromise

From: nl () CT HEISE DE (Norbert Luckhardt)
Date: Wed, 21 Oct 1998 11:35:02 +0200


-----BEGIN PGP SIGNED MESSAGE-----

Hi there,

At 21:06 19.10.98 -0400, you wrote:

IE appears to assume that anything it sees without a period in the URL
should be treated as part of the Local Intranet Zone.


as I tested on IE 4.0 (4.72.3110.1 german version w/ win98) the bug seems to
rely on the option "add all local sites which are not listed in another
zone" (or however the english text for that will be) - when You uncheck this
option (internet options/security; choose "local intranet zone"/add sites)
the 32bit-URLs will be treated correctly as internet zone sites

so as a workaround it should do to add all local sites manually to the
intranet list with the "advanced" option

have fun, Shalom,
        NOrbert

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
Comment: c't Krypto-Kampagne http://www.heise.de/ct/pgpCA/

iQCVAwUBNix84jYMsgdcZ8mpAQGr9wP9Gk1vGys1hazYQ7W/D86WtlJeygQWgMsr
mtU1bpkU/evKZBC3O2zzeNGKAk72VMMBzsHBCUCFKAfgiEn5u1XCYz4skPkld7Yy
bJFJ+/Ieg6YcxRjOwu1aWZ+wMbhq6Fp99apOh/kQr3/7EjMbZxgzfTU4zqtGsYQK
rYF13anQuJs=
=rfXH
-----END PGP SIGNATURE-----

--
Norbert Luckhardt   http://www.heise.de/ct/Redaktion/nl/
Redaktion c't       Tel.: +49 511 5352 - 300    Fax: +49 511 5352 - 417
Helstorfer Str. 7   D-30625 Hannover            BBS: +49 511 5352 - 301

Current thread:

Re: Alert: IE 4.0 Security Zone compromise Norbert Luckhardt (Oct 21)
- <Possible follow-ups>
- Re: Alert: IE 4.0 Security Zone compromise Weed Whacker (Oct 21)