Bugtraq mailing list archives

Re: IE Domain Confusion Vulnerability doesn't matter much

From: rms2000 () BELLATLANTIC NET (Richard M. Smith)
Date: Mon, 15 May 2000 08:12:39 -0400


Marc,

That is why you are supposed to configure outlook to use a restricted
security zone for reading mail that doesn't allow any "active scripting
languages", etc.


Actually the Restricted Sites Zone still has Active Scripting
turned on.  This zone only disables ActiveX controls and
Java applets by default.  To make Outlook and Outlook Express
safe from IE security holes requires Active Scripting
to be turned off manually.

I put instructions on my Web site last summer that goes
through the entire procedure:

   http://www.tiac.net/users/smiths/acctroj/oe.htm

Richard

Current thread:

쀼릿: Re: non-exec stac, (continued)
- - - 쀼릿: Re: non-exec stac ZhaoQian (May 10)
    - Alert: IIS ism.dll exposes file contents Cerberus Security Team (May 11)
    - ISSalert: Internet Security Systems Security Advisory: Microsoft IIS Remote Denial of Service Attack Warren Barrow (May 11)
    - Remote DoS attack in Internet Information Server 4.0 & 5.0 "Malformed Extension Data in URL" Vulnerability Ussr Labs (May 11)
    - Microsoft Security Bulletin (MS00-030) Microsoft Product Security (May 11)
    - IE Domain Confusion Vulnerability Foo Bar (May 11)
    - Overflow in Outlook Express 4.* - too long filenames with graphic format extension Ultor (May 12)
    - Eudora Sensitive to Long Filenames Ron Moritz (May 18)
    - IE Domain Confusion Vulnerability is an Email problem also Richard M. Smith (May 12)
    - Re: IE Domain Confusion Vulnerability doesn't matter much Marc Slemko (May 12)
    - Re: IE Domain Confusion Vulnerability doesn't matter much Richard M. Smith (May 15)
    - Vulnerability in CGI counter 4.0.7 by George Burgyan Howard M. Kash III (May 15)
    - Vulnerability in EMURL-based e-mail providers Pierre Benoit (May 15)
    - New Solaris root exploit for /usr/lib/lp/bin/netpr Anonymous (May 12)
    - Microsoft Security Bulletin (MS00-034) Microsoft Product Security (May 12)
    - Microsoft Office 2000 Advisory dildog (May 12)