At 11:19 AM 9/3/99 +1000, Brad Griffin wrote: >" I use Eudora Pro and have IE 5 as the default mail viewer (as is the >default Install) and you crashed Eudora (NT not logged in as >Administrator). I had to disable IE 5 as the default viewer to see the >mail..." >I assume this would have been caused by the mail reader attempting to >execute all four fragments of code. There was an issue a while back where you could send people using Eudora javascript in their e-mail. I think your assumption is valid. I don't know if Eudora 4.x allows people to set the security zone that IE uses (I hope it does). This is why I _strongly_ suggest that if you're using any type of HTML enabled e-mail, set it up to run under the most paranoid settings possible. Most normal mail uses pretty standard HTML, with no Java or anything else, so you're not really losing any functionality you'll actually use. Not only will it save you from this attack, but there are lots of other nasty things that no longer work. Even though you still want to go get the patches, this measure keeps you out of trouble as a blanket measure. I'd bet that if your friends lock down their viewing settings, they can see the mail just fine. David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:17 PDT