hi. this is my first posting to bugtraq. a complete description of the microsoft active setup control's unsigned cab file execution vulnerability and exploit is published on securityfocus. you may want to check this out. this is a sad vulnerability. one can actually transfer an EXE file to the other side and get it executed without the user's knowledge. http://www.securityfocus.com/data/vulnerabilities/exploits/775.html an alternate address is: http://www.crosswinds.net/~muks/ SHORT MESSAGE: if you use outlook express, download the patches for the above off microsoft's site and install them. or turn off all activex controls in your security settings of outlook express. better yet, change your mail client. this exploit is published at http://www.securityfocus.com/bid/775/ cheers! mukund
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:29 PDT