Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft Security Bulletin MS01-055
From: "Clover Andrew" <aclover () 1value com>
Date: Mon, 12 Nov 2001 16:14:53 +0100

Microsoft Product Security <secnotif () MICROSOFT COM> wrote:

Mitigating Factors: [...]

Users who have set Outlook Express to use the "Restricted
Sites" Zone are not affected by the HTML mail exploit of this

Sorry, but this is not true.

Whilst pages in the Restricted Sites zone are barred from using active
scripting, there are other ways of redirecting the user to a malicious
about: URL. Two I can think of straight away that require no user
intervention are:

  <meta http-equiv="refresh" content="1;url=about:...">
  <iframe src="about:...">

both work on Outlook 2000 with mail content in the Restricted Sites
zone. Since I stated exactly this whilst discussing the previous
vulnerability with secure () microsoft, I'm disappointed to see this
argument wheeled out again.

Andrew Clover
Technical Consultant

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]