[8232] in bugtraq
Re: Alert: IE 4.0 Security Zone compromise
daemon@ATHENA.MIT.EDU (Norbert Luckhardt)
Wed Oct 21 12:28:22 1998
Date: Wed, 21 Oct 1998 11:35:02 +0200
Reply-To: Norbert Luckhardt <nl@CT.HEISE.DE>
From: Norbert Luckhardt <nl@CT.HEISE.DE>
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
Hi there,
At 21:06 19.10.98 -0400, you wrote:
>IE appears to assume that anything it sees without a period in the URL
>should be treated as part of the Local Intranet Zone.
as I tested on IE 4.0 (4.72.3110.1 german version w/ win98) the bug seems to
rely on the option "add all local sites which are not listed in another
zone" (or however the english text for that will be) - when You uncheck this
option (internet options/security; choose "local intranet zone"/add sites)
the 32bit-URLs will be treated correctly as internet zone sites
so as a workaround it should do to add all local sites manually to the
intranet list with the "advanced" option
have fun, Shalom,
NOrbert
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
Comment: c't Krypto-Kampagne http://www.heise.de/ct/pgpCA/
iQCVAwUBNix84jYMsgdcZ8mpAQGr9wP9Gk1vGys1hazYQ7W/D86WtlJeygQWgMsr
mtU1bpkU/evKZBC3O2zzeNGKAk72VMMBzsHBCUCFKAfgiEn5u1XCYz4skPkld7Yy
bJFJ+/Ieg6YcxRjOwu1aWZ+wMbhq6Fp99apOh/kQr3/7EjMbZxgzfTU4zqtGsYQK
rYF13anQuJs=
=rfXH
-----END PGP SIGNATURE-----
--
Norbert Luckhardt http://www.heise.de/ct/Redaktion/nl/
Redaktion c't Tel.: +49 511 5352 - 300 Fax: +49 511 5352 - 417
Helstorfer Str. 7 D-30625 Hannover BBS: +49 511 5352 - 301
