Security Incidents mailing list archives

Re: [unisog] Some more details on the worm

From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 18 Sep 2001 15:57:30 -0400

Can anyone confirm that the reason the exe gets run from
the eml is because of the IE bug described here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

and that disabling file downloads will prevent it?

" Would IE always execute the attachment?

  No. IE would only execute the attachment if File Downloads 
  were enabled in the Security Zone that the e-mail was opened 
  in. However, File Downloads are enabled in all zones by default. "

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Some more details on the worm Davis, Matt (Sep 18)
- Re: [unisog] Some more details on the worm Gary Flynn (Sep 18)
- <Possible follow-ups>
- RE: Some more details on the worm Steiner, Michael (Sep 18)