Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

XML data Island workaround may affect clients wth exchange 2003 outlook web access

Published: 2008-12-16
Last Updated: 2008-12-16 22:18:29 UTC
by donald smith (Version: 1)
0 comment(s)

J.T. wrote in to tell us there is an issue with the XML Data Island CLSID workaround for the zero day IE vulnerability.

"If the Disable XML Island functionality work around is used, users are
no longer able to send emails with Exchange 2003 Outlook Web Access.
When the user clicks the send button to send the message, the following
alert is displayed: "You do not have permissions to delete this item".
If the user clicks "OK" on the prompt window, the message window is
closed and the message is not sent.
When XML island functionality is re-enabled, the message is delivered as
expected."


I assume this implies that outlook webmail requires embedded xml in
html as Microsoft did list this as an impact.

http://www.microsoft.com/technet/security/advisory/961051.mspx
"Impact of workaround: Embedded XML in HTML may not render correctly."
 
 

Keywords:
0 comment(s)
Diary Archives