Bugtraq mailing list archives
Re: Microsoft Security Bulletin MS01-012
From: Chris Timmons <chris-timmons () HOME COM>
Date: Tue, 27 Feb 2001 21:28:15 -0500
Not true either.. Open File Explorer and go to Tools -> Options -> File Types, scroll down to .vcf, click advanced, and just uncheck "confirm open after download". You open it, it won't ask you. If you have checked it, or any of your users have, it will ask again.

Running logon scripts in a network, or sending any other "executable" file :) (depending on motives) you want to send someone can enable or disable this feature. The same goes for any type of file extension. If it is a blind link on a website, it will run without prompting to open or save if disabled/unchecked. You will of course get the open vcf file, and still have the option to save or discard then, but by then the damage is done?

; Enable confirm after download / opening (checked):
[HKEY_CLASSES_ROOT\vcffile]
"EditFlags"=dword:0

; Disable confirm after download / opening: (unchecked)
[HKEY_CLASSES_ROOT\vcffile]
"EditFlags"=dword:0x1000

Chris

---------------------
Humanity has advanced, when it has advanced, not because it has been sober, responsible, and cautious, but because it has been playful, rebellious, and immature. - Tom Robbins

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Philip Stoev
Sent: February 26, 2001 18:04
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Microsoft Security Bulletin MS01-012
Mitigating Factors:
====================
- There is no means by which a Vcard could be made to open automatically.

This is not entirely accurate. If you are in the habit of collecting these odd things, you will have most certainly uncheck-marked the security warning a long time ago. In that case it is less than trivial to open the Vcard automatically:

On IE 5.50.4522.180 with OE 5.50.4133.2400 on Windows 2000 Professional SP1, the user is always prompted. There is no way to uncheck the "ask me" box, because it is disabled (except by editing the registry). I think this also applies for the initial OE 5.

Philip
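
An added example, not part of either post: a Python audit of an exported `.reg` file that lists the file-type classes under HKEY_CLASSES_ROOT whose `EditFlags` suppress the "confirm open after download" prompt discussed above. The sample export is constructed, and the default mask is an assumption: the shell's documented `FTA_OpenIsSafe` bit (0x00010000), passed as a parameter so the `0x1000` value written in the post can be checked instead.

```python
import re

# Assumption: the shell's documented FTA_OpenIsSafe bit; the post writes 0x1000.
FTA_OPEN_IS_SAFE = 0x00010000

# Constructed sample export for the demo (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\vcffile]
"EditFlags"=dword:00010000

[HKEY_CLASSES_ROOT\txtfile]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\giffile]
"EditFlags"=hex:00,00,01,00
'''

def parse_edit_flags(value):
    """Decode EditFlags exported as dword:XXXXXXXX or REG_BINARY hex:aa,bb,cc,dd."""
    kind, _, data = value.strip().partition(":")
    if kind.lower() == "dword":
        return int(data, 16)  # also accepts the post's "0x1000" spelling
    if kind.lower() == "hex":
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        return int.from_bytes(raw[:4], "little")  # REG_BINARY is little-endian
    raise ValueError("unsupported EditFlags encoding: " + value)

def classes_without_prompt(reg_text, mask=FTA_OPEN_IS_SAFE):
    """Return (key, flags) for HKCR classes whose EditFlags has `mask` set."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            name = section.group(1)
            key = name if name.upper().startswith("HKEY_CLASSES_ROOT\\") else None
            continue
        entry = re.fullmatch(r'"EditFlags"=(.+)', line, re.IGNORECASE)
        if entry and key:
            flags = parse_edit_flags(entry.group(1))
            if flags & mask:
                hits.append((key, flags))
    return hits

if __name__ == "__main__":
    for key, flags in classes_without_prompt(SAMPLE_REG):
        print(f"{key}: EditFlags=0x{flags:08x} (opens without confirmation)")
```

Regedit exports in the "Version 5.00" format are UTF-16, so decode the file to text before passing it in.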