Bugtraq mailing list archives
Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions
From: mark () NTSHOP NET (Mark)
Date: Mon, 8 Nov 1999 14:37:28 -0700
I believe the instructions below provided for Outlook 98 would be similar for Outlook 2000 clients, however I do not have immediate access to that client for inspection at this moment in time. Thanks, Mark, mark () ntsecurity net http://www.ntsecurity.net ================================== Adjusting Outlook 98 Adjustments - To guard against the risks presented in Juan's notice, be sure to adjust control of ActiveX Scripting as well as ActiveX Controls and Plugins in your Outlook mail client. For Outlook 98, choose Tools, Options, and then Security from the pull down menus. On the security tab, adjust the Secure Content Zone to Restricted Sites. This causes Outlook to employ the Restricted Sites security profile to all email content received with Outlook. Also, ensure that the Restricted Sites zone settings are adequate for your needs. To do so, on the same Outlook Security dialog, click the Zone Settings button, which opens a new dialog. On the new dialog, choose the Restricted Sites zone, and click the Custom Level button, which opens the Security Settings dialog window. On the dialog window, scroll through the list and adjust all ActiveX properties to either "Disable" or "Prompt." Keep in mind that if you set these controls to "Prompt," you may experience a large number of prompts on the screen while surfing the Internet. If the prompts become a bother, simply readjust the ActiveX properties to "Disable." ====================================
There is a workaround : Change the temporary directories location defined in the environment variables %TEMP% and %TMP%. Make this variables to point over an unpredictable path. Another workaround would be the traditional one : disable active scripting. MS was informed about the issue last 12 October . They are supposed to inmediately release a fix. Regards, Juan Carlos GarcĂa Cuartango
Current thread:
- Re: Netscape Web Publisher, (continued)
- Re: Netscape Web Publisher Mnemonix (Nov 07)
- Re: Netscape Web Publisher nblasgen () NICK REFRACT COM (Nov 07)
- vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Jefferson Ogata (Nov 08)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
- Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
- Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
- flaw in dmesg under Solaris echo8 (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
- Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
- networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
- [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)