From: Clover Andrew (aclover@1value.com)
Date: Mon Nov 12 2001 - 09:14:53 CST

Microsoft Product Security <secnotif@MICROSOFT.COM> wrote:
> Mitigating Factors: [...]
> Users who have set Outlook Express to use the "Restricted
> Sites" Zone are not affected by the HTML mail exploit of this
> vulnerability
Sorry, but this is not true.
Whilst pages in the Restricted Sites zone are barred from using active
scripting, there are other ways of redirecting the user to a malicious
about: URL. Two I can think of straight away that require no user
intervention are:
<meta http-equiv="refresh" content="1;url=about:...">
<iframe src="about:...">
both work on Outlook 2000 with mail content in the Restricted Sites
zone. Since I stated exactly this whilst discussing the previous
vulnerability with secure@microsoft, I'm disappointed to see this
argument wheeled out again.
-- Andrew Clover Technical Consultant 1VALUE.com AG
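
Added example (not part of the message above or of the Microsoft bulletin): a mail-filter style check that flags the two script-free auto-navigation vectors named in the message, meta refresh and iframe, when their target uses a scheme outside an allowlist. The allowlist, the function names and the sample body are assumptions made for illustration; about:blank stands in for the elided about:... URL.

```python
import re
from html.parser import HTMLParser

# Assumed policy: schemes a mail renderer may load without user action.
ALLOWED_SCHEMES = {"http", "https", "cid"}

def scheme_of(url):
    """Lower-cased URL scheme after dropping whitespace and control characters
    (a conservative superset of what browsers strip); '' if there is none."""
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""

class AutoNavFinder(HTMLParser):
    """Collects elements that navigate with no script and no click."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        target = None
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            target = m.group(1) if m else None
        elif tag in ("iframe", "frame"):
            target = a.get("src")
        if target:
            scheme = scheme_of(target)
            if scheme and scheme not in ALLOWED_SCHEMES:
                self.findings.append((tag, scheme))

def find_auto_navigation(html):
    """Return [(tag, scheme)] for auto-loading targets outside the allowlist."""
    finder = AutoNavFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample body; about:blank stands in for the elided about:... URL.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="1;url=about:blank">
</head><body><p>hello</p>
<iframe src="about:blank"></iframe>
<img src="cid:logo">
</body></html>"""

if __name__ == "__main__":
    for tag, scheme in find_auto_navigation(SAMPLE):
        print(f"flag: <{tag}> auto-loads a {scheme}: URL")
```

The parser decodes character references in attribute values before the check, so an encoded colon in the scheme is still matched.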