[53] in Best-of-Security


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

BoS: Re: Internet Explorer Bug

daemon@ATHENA.MIT.EDU (John Pettitt)
Tue Mar 4 04:32:36 1997

Date: 	Mon, 3 Mar 1997 13:13:09 -0800
Reply-To: John Pettitt <jpp@CYBERSOURCE.COM>
From: John Pettitt <jpp@CYBERSOURCE.COM>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net

Bug: IE will blindly run .url and .lnk files from remote servers.

Well that must qualify for brain dead hole of the week, here is a quick fix.

Rename the registry entry
"My Computer\HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command"
 to "old.command"

Do the same for

My Computer\HKEY_CLASSES_ROOT\lnkfile\CLSID
(change to CLSID.old)

This will case .url files to be treated as .txt files and .lnk files to pop
the open/save dialog.

It's a gross kludge but it works.  Given the bug one could even create
a web page to do the regedits for you (arrrggghhhh).

John


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[53] in Best-of-Security

BoS: Re: Internet Explorer Bug

daemon@ATHENA.MIT.EDU (John Pettitt)Tue Mar 4 04:32:36 1997

daemon@ATHENA.MIT.EDU (John Pettitt)
Tue Mar 4 04:32:36 1997