Re: exploit fix breaks CDO access

From: N. Miller (duh_at_blackhole.aosake.net)
Date: 07/04/04

• Next message: N. Miller: "Re: routers and firewalls"
• Previous message: N. Miller: "Re: Suggestions for this apparent IE6 flaw?"
• In reply to: Biff: "exploit fix breaks CDO access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 4 Jul 2004 08:04:48 -0700

In article <256f901c4618c$e17c6c40$a601280a@phx.gbl>, Biff says...

> Just an FYI:

> I followed a suggested fix that is suppossed to eliminate
> the current "spoofing" exploit and discovered that the fix
> breaks access to these newsgroups if you use the CDO
> interface. (web access)

> The fix calls for setting "Navigate sub-frames across
> different domains" to disabled. It seems that these MS ngs
> use that functionality !!!!!!! Go figure !!!!!!

> With that setting disabled you can open the site but you
> can't open or read any of the posts. A security fix that
> won't let you access a security forum. How's that for
> irony ???

Do you trust the MSFT site? Put it in the "Trusted sites" zone, and loosen
the permissions in that zone.

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

---

• Next message: N. Miller: "Re: routers and firewalls"
• Previous message: N. Miller: "Re: Suggestions for this apparent IE6 flaw?"
• In reply to: Biff: "exploit fix breaks CDO access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)