[53] in Best-of-Security
BoS: Re: Internet Explorer Bug
daemon@ATHENA.MIT.EDU (John Pettitt)
Tue Mar 4 04:32:36 1997
Date: Mon, 3 Mar 1997 13:13:09 -0800
Reply-To: John Pettitt <jpp@CYBERSOURCE.COM>
From: John Pettitt <jpp@CYBERSOURCE.COM>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Bug: IE will blindly run .url and .lnk files from remote servers.
Well that must qualify for brain dead hole of the week, here is a quick fix.
Rename the registry entry
"My Computer\HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command"
to "old.command"
Do the same for
My Computer\HKEY_CLASSES_ROOT\lnkfile\CLSID
(change to CLSID.old)
This will case .url files to be treated as .txt files and .lnk files to pop
the open/save dialog.
It's a gross kludge but it works. Given the bug one could even create
a web page to do the regedits for you (arrrggghhhh).
John