XML data Island workaround may affect clients wth exchange 2003 outlook web access

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

XML data Island workaround may affect clients wth exchange 2003 outlook web access
J.T. wrote in to tell us there is an issue with the XML Data Island CLSID workaround for the zero day IE vulnerability. "If the Disable XML Island functionality work around is used, users are no longer able to send emails with Exchange 2003 Outlook Web Access. When the user clicks the send button to send the message, the following alert is displayed: "You do not have permissions to delete this item". If the user clicks "OK" on the prompt window, the message window is closed and the message is not sent. When XML island functionality is re-enabled, the message is delivered as expected." I assume this implies that outlook webmail requires embedded xml in html as Microsoft did list this as an impact. http://www.microsoft.com/technet/security/advisory/961051.mspx "Impact of workaround: Embedded XML in HTML may not render correctly."	donald 206 Posts Dec 16th 2008
Thread locked Subscribe	Dec 16th 2008 1 decade ago