Bugtraq mailing list archives
Re: IE5 allows executing programs
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Fri, 3 Sep 1999 09:06:16 -0700
At 11:19 AM 9/3/99 +1000, Brad Griffin wrote:
" I use Eudora Pro and have IE 5 as the default mail viewer (as is the default Install) and you crashed Eudora (NT not logged in as Administrator). I had to disable IE 5 as the default viewer to see the mail..." I assume this would have been caused by the mail reader attempting to execute all four fragments of code.
There was an issue a while back where you could send people using Eudora javascript in their e-mail. I think your assumption is valid. I don't know if Eudora 4.x allows people to set the security zone that IE uses (I hope it does). This is why I _strongly_ suggest that if you're using any type of HTML enabled e-mail, set it up to run under the most paranoid settings possible. Most normal mail uses pretty standard HTML, with no Java or anything else, so you're not really losing any functionality you'll actually use. Not only will it save you from this attack, but there are lots of other nasty things that no longer work. Even though you still want to go get the patches, this measure keeps you out of trouble as a blanket measure. I'd bet that if your friends lock down their viewing settings, they can see the mail just fine. David LeBlanc dleblanc () mindspring com
Current thread:
- Re: IE5 allows executing programs David LeBlanc (Aug 30)
- <Possible follow-ups>
- Re: IE5 allows executing programs SysAdmin (Aug 30)
- Re: IE5 allows executing programs Jim Frost (Sep 01)
- Re: IE5 allows executing programs David LeBlanc (Sep 01)
- Re: IE5 allows executing programs Brad Griffin (Sep 02)
- Re: IE5 allows executing programs David LeBlanc (Sep 07)
- re, anti btrom Martin Markovitz (Sep 08)
- Re: IE5 allows executing programs Paul L Schmehl (Sep 08)
- SDI AMD remote exploit for RH linux Thiago (Sep 02)
- Re: IE5 allows executing programs J MacCraw (Sep 07)
- Re: IE5 allows executing programs Jesper M. Johansson (Sep 08)
- Re: IE5 allows executing programs SysAdmin (Sep 08)
- Re: IE5 allows executing programs Haxor, Wikit (Sep 16)
- Two SuSE 6.2 local root exploits Brock Tellier (Sep 16)
- SuSE 6.2 /usr/bin/sccw read any file Brock Tellier (Sep 16)
- Fw: CERT Advisory CA-99.12 - Buffer Overflow in amd morex (Sep 16)
- More fun with WWWBoard David Weins (Sep 17)
- Re: More fun with WWWBoard Chris Ridd (Sep 20)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 21)