Security Incidents mailing list archives
Re: [unisog] Some more details on the worm
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 18 Sep 2001 15:57:30 -0400
Can anyone confirm that the reason the exe gets run from the eml is because of the IE bug described here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp and that disabling file downloads will prevent it? " Would IE always execute the attachment? No. IE would only execute the attachment if File Downloads were enabled in the Security Zone that the e-mail was opened in. However, File Downloads are enabled in all zones by default. " -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Some more details on the worm Davis, Matt (Sep 18)
- Re: [unisog] Some more details on the worm Gary Flynn (Sep 18)
- <Possible follow-ups>
- RE: Some more details on the worm Steiner, Michael (Sep 18)