[12484] in bugtraq
Re: MS Outlook alert : Cuartango Active Setup - Workaround
daemon@ATHENA.MIT.EDU (Mark)
Mon Nov 8 18:50:45 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <01a201bf2a31$744646b0$225daecf@sys.dev.nul>
Date: Mon, 8 Nov 1999 14:37:28 -0700
Reply-To: Mark <mark@NTSHOP.NET>
From: Mark <mark@NTSHOP.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991108115405.A11777@securityfocus.com>
I believe the instructions below provided for Outlook 98 would be similar
for Outlook 2000 clients, however I do not have immediate access to that
client for inspection at this moment in time.
Thanks,
Mark, mark@ntsecurity.net
http://www.ntsecurity.net
==================================
Adjusting Outlook 98 Adjustments -
To guard against the risks presented in Juan's notice, be sure to adjust
control of ActiveX Scripting as well as ActiveX Controls and Plugins in your
Outlook mail client.
For Outlook 98, choose Tools, Options, and then Security from the pull down
menus. On the security tab, adjust the Secure Content Zone to Restricted
Sites. This causes Outlook to employ the Restricted Sites security profile
to all email content received with Outlook.
Also, ensure that the Restricted Sites zone settings are adequate for your
needs. To do so, on the same Outlook Security dialog, click the Zone
Settings button, which opens a new dialog. On the new dialog, choose the
Restricted Sites zone, and click the Custom Level button, which opens the
Security Settings dialog window. On the dialog window, scroll through the
list and adjust all ActiveX properties to either "Disable" or "Prompt." Keep
in mind that if you set these controls to "Prompt," you may experience a
large number of prompts on the screen while surfing the Internet. If the
prompts become a bother, simply readjust the ActiveX properties to
"Disable."
====================================
> There is a workaround :
> Change the temporary directories location defined in the
> environment variables %TEMP% and %TMP%. Make this variables to
> point over an unpredictable path. Another workaround would be the
> traditional one : disable active scripting.
> MS was informed about the issue last 12 October . They are
> supposed to inmediately release a fix.
> Regards,
> Juan Carlos Garcma Cuartango
