[19418] in bugtraq
Re: Microsoft Security Bulletin MS01-012
daemon@ATHENA.MIT.EDU (foobar@COTSE.COM)
Wed Feb 28 03:20:36 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <983307960.3a9c16b85afeb@webmail.cotse.com>
Date: Tue, 27 Feb 2001 16:06:00 -0500
Reply-To: foobar@COTSE.COM
From: foobar@COTSE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
On Tue, 27 Feb 2001 01:04:04 +0200, Philip Stoev wrote:
| > >Mitigating Factors:
| > >====================
| > > - There is no means by which a Vcard could be made to open
| > > automatically.
| >
| > This is not entirely accurate. If you are in the habit of collecting these
| > odd things, you will have most certainly uncheck-marked the security
| warning
| > a long time ago. In that case it is less than trivial to open the Vcard
| > automatically:
|
| On IE 5.50.4522.180 with OE 5.50.4133.2400 on Windows 2000 Professional SP1,
| the user is always prompted. There is no way to uncheck the "ask me" box,
| because it is disabled (except by editing the registry). I think this also
| applies for the initial OE 5.
|
| Philip
Internet Explorer 5.50.4522.1800 with Outlook Express 5.50.*4522.1200* has it
and functions per the demonstration. Definitely a kicker if you have ever
opened vcards in newsgroup posts or mail, you disengage the warning the first
time. To enable the warning again, on win9X do my computer|folder options|file
types|vcard|edit|[x] confirm open after download
HTH
Foo
