IE 5.5 SP2 incident

[Jose Romeo Vela <jrvela () yahoo com>]

I came across something that make me think that IE 5.5 SP2 is still
vulnerable to NIMDA.

Although, I hardly use IE since I prefer Netscape, I still have IE on
my PC. I updated my IE 5.5 to SP2 to avoid the vulnerability and I
decided to test it. It is my understanding that the patch does not
automatically store files sent by an exploit such as NIMDA's. I look at
my web server logs ( Linux/Apache, It rocks! ) and pick one of the ip
address that are tryin to hit me, I opened Netscape with this URL and I
get esked if I want to save the readme.eml (as expected). I try the
same thing with IE 5.5 SP2 and my Anti-virus goes bananas with
instances of NIMDA in the cache directory. 

IE 5.5 SP2 never asked me if I wanted to save the file. Appearently MS
in their infinite wisdon, caches the file right away. 

When the AV kicked in several infected files got delete, however it
failed to delete one file indicating that it could not be found in the
directory. I then went looking for readme.exe and readme.eml and I
could not find any instances. However, there was a file called
readme[1].eml in the cache. The AV does not bitch about this file.




__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com