[11764] in bugtraq
Re: IE 5.0 allows executing programs
daemon@ATHENA.MIT.EDU (Paul Leach (Exchange))
Thu Sep  9 01:48:28 1999
Mime-Version: 1.0
Content-Type: text/plain
Message-Id:  <19398D273324D3118A2B0008C7E9A56902FFFBAC@SIT.platinum.corp.microsoft.com>
Date:         Fri, 3 Sep 1999 13:01:53 -0700
Reply-To: "Paul Leach (Exchange)" <paulle@EXCHANGE.MICROSOFT.COM>
From: "Paul Leach (Exchange)" <paulle@EXCHANGE.MICROSOFT.COM>
X-To:         Jens Benecke <jens@PINGUIN.CONETIX.DE>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Despite how much I know it might pain some people, if one puts
"http://windowsupdate.microsoft.com" in the "Trusted" zone, then one can
still disable "safe for scripting" controls in the "Internet" zone and get
the convenience of Windows Update without prompting.

(You could still be DNS spoofed. I tried using https:, but the site doesn't
like that...)

Paul