[14900] in bugtraq

Re: IE Domain Confusion Vulnerability doesn't matter much

daemon@ATHENA.MIT.EDU (Richard M. Smith)
Mon May 15 15:41:26 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NDBBKGHPMKBKDDGLDEEHIENDDIAA.rms2000@bellatlantic.net>
Date:         Mon, 15 May 2000 08:12:39 -0400
Reply-To: "Richard M. Smith" <rms2000@BELLATLANTIC.NET>
From: "Richard M. Smith" <rms2000@BELLATLANTIC.NET>
X-To:         Marc Slemko <marcs@ZNEP.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.20.0005121050000.86005-100000@alive.znep.com>

Marc,

> That is why you are supposed to configure outlook to use a restricted
> security zone for reading mail that doesn't allow any "active scripting
> languages", etc.

Actually the Restricted Sites Zone still has Active Scripting
turned on.  This zone only disables ActiveX controls and
Java applets by default.  To make Outlook and Outlook Express
safe from IE security holes requires Active Scripting
to be turned off manually.

I put instructions on my Web site last summer that go
through the entire procedure:

   http://www.tiac.net/users/smiths/acctroj/oe.htm

Richard
