Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [ALERT] Remote File Execution By Web or Mail: Internet Explor er

From: "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk>
Date: Fri, 23 Nov 2001 11:06:06 -0000
Let me review the original advisory:


Impact:
Merely viewing a web page or opening a mail message will trigger the flaw.


Ah, I can think of one way - deny the use of Internet Explorer to everyone.
Thats nice and practical, and I'm sure it will endear us technical people to
the rest of the business.

Forewarned is only forearmed if you have sufficient information to
understand the problem. Forewarned is not forearmed when the information is
so vague and the possibilities are so numerous that it's impractical to
defend against them blindly.

Others have already commented on how we can expect more of this
"responsible" disclosure.

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company



-----Original Message-----
From: Ben Smee [mailto:Ben.Smee () optus net au]
Sent: 23 November 2001 02:02
To: Mariusz Mazur; vuln-dev () securityfocus com
Subject: RE: [ALERT] Remote File Execution By Web or Mail: Internet
Explorer


is it just me or can you not conceive of anyway to protect 
yourself now
that you do know about the problem?

forewarned is forearmed.

--------------------
Benjamin Smee
Technical Specialist
Optus Business Operations (NAC)
"YES" OPTUS
ben.smee () optus net au
Tel: +61-2-93420091
Fax: +61-2-93420998



******************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom 
they are addressed. 

If you are not the intended recipient or the person responsible for 
delivering to the intended recipient, be advised that you have received 
this email in error and that any use of the information contained within 
this email or attachments is strictly prohibited. 

Internet communications are not secure and Softlab does not accept 
any legal responsibility for the content of this message. Any opinions 
expressed in the email are those of the individual and not necessarily 
those of the Company. 

If you have received this email in error, or if you are concerned with 
the content of this email please notify the IT helpdesk by telephone 
on +44 (0)121 788 5480. 

********************************************************************
Previous By Date Next
Previous By Thread Next

Current thread: