[19393] in bugtraq
Re: Microsoft Security Bulletin MS01-012
daemon@ATHENA.MIT.EDU (Philip Stoev)
Tue Feb 27 16:10:03 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <00a101c0a048$6ae6bd50$0100a8c0@zara>
Date: Tue, 27 Feb 2001 01:04:04 +0200
Reply-To: Philip Stoev <philip@STOEV.ORG>
From: Philip Stoev <philip@STOEV.ORG>
X-To: http-equiv@excite.com
To: BUGTRAQ@SECURITYFOCUS.COM
> >Mitigating Factors:
> >====================
> > - There is no means by which a Vcard could be made to open
> > automatically.
>
> This is not entirely accurate. If you are in the habit of collecting these
> odd things, you will have most certainly uncheck-marked the security
warning
> a long time ago. In that case it is less than trivial to open the Vcard
> automatically:
On IE 5.50.4522.180 with OE 5.50.4133.2400 on Windows 2000 Professional SP1,
the user is always prompted. There is no way to uncheck the "ask me" box,
because it is disabled (except by editing the registry). I think this also
applies for the initial OE 5.
Philip
