RE: New Virus / Worm ??

John Matteson Tue, 18 Sep 2001 13:45:10 -0700
The bulletin only relates to IE 5 and 5.5 and has been superceded. Following
the trail of bulletins out to the end, they still say they only apply to IE
5 and 5.5. I'm running IE 6.0 and still had Media Player launch because of
the Mime code.

John Matteson; Exchange Manager
Geac Corporate Infrastructure Systems and Standards
(404) 239 - 2981

...the words that I remember from my childhood still are true, that there
are none so blind as those who will not see....
--The Moody Blues (I know you're out there)


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 4:57 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??


It exploits the very dangerous iFrame vulnerability detailed at
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp. The one
thing that article doesn't tell you is that the IE patch it describes does
not block the ability of Office documents in an iFrame to launch
automatically. What that means is that if you don't have Office macro
security set high enough, the next attack could use a Word .doc macro to
deliver its payload.

> I just received an e-mail with this virus/worm.  It appears to be not very
> nice.  I use the preview pane in Outlook and it automatically attempted to
> launch the attachment.  For once, I'm glad I had the new security features
> in Outlook SR-1 that does not allow launching an .exe w/out saving it to
the
> hard drive first.
> 
> The virus had a subject with 255 characters in it.  Methinks there was/is
an
> exploit for subject lines that long.

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
RE: New Virus / Worm ??

Reply via email to
