[22849] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing

daemon@ATHENA.MIT.EDU (j jf)
Sun Oct 14 13:20:13 2001

From: "j jf" <jjfjjf69@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sat, 13 Oct 2001 08:03:41 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F178Y0f7kzDxK4v6GWL00006239@hotmail.com>

I found a way to overcome this hole for now:

Mark OFF all 3 options at the IE Local IntRAnet Security Zone
(Include all local intRAnet, sites, network path UNC).

Now press the advanced key and define your company DNS network zones,
You can use wild cards: *.mycompany.com

I haven’t tested it thoroughly, yet it seems to work and 
http://user%40NONdottedIP
Is accounted as internet rather than Local IntRAnet.

Regards,

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[22849] in bugtraq

RE: Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing

daemon@ATHENA.MIT.EDU (j jf)Sun Oct 14 13:20:13 2001

daemon@ATHENA.MIT.EDU (j jf)
Sun Oct 14 13:20:13 2001