[5076] in WWW Security List Archive
RE: IE 3.02
daemon@ATHENA.MIT.EDU (David Kennedy)
Tue Apr 15 04:27:50 1997
Date: Tue, 15 Apr 1997 02:21:26 -0400
From: David Kennedy <76702.3557@compuserve.com>
To: William Smith <william@euphoria.acomp.usf.edu>,
WWW Security List <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
> What do you mean, no? The patch solved the problem with the
>.lnk and .url exploits. Wasn't that the only problem?
No. There's the SMB, the NTLM, the SSL/GET and then there's trojan attacks
on the SAM, and those are just off the top of my head without checking the
NT Security web sites.
NTLM is a IE *and* NT/95 problem. It doesn't work with NS, we've checked.
I'd agree SMB may not be an IE issue, but it's sure an MS one. SSL/GET is
both MS and NS.
___________________
Dave Kennedy CISSP
Protect what you connect
Look both ways before crossing the Net
National Computer Security Assoc
and OBTW, MSIE on AOL is still broken for lnk/url.
-dmk
