Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: XML data Island workaround may affect clients wth exchange 2003 outlook web access - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XML data Island workaround may affect clients wth exchange 2003 outlook web access

J.T. wrote in to tell us there is an issue with the XML Data Island CLSID workaround for the zero day IE vulnerability.

"If the Disable XML Island functionality work around is used, users are
no longer able to send emails with Exchange 2003 Outlook Web Access.
When the user clicks the send button to send the message, the following
alert is displayed: "You do not have permissions to delete this item".
If the user clicks "OK" on the prompt window, the message window is
closed and the message is not sent.
When XML island functionality is re-enabled, the message is delivered as
expected."

I assume this implies that outlook webmail requires embedded xml in
html as Microsoft did list this as an impact.

http://www.microsoft.com/technet/security/advisory/961051.mspx
"Impact of workaround: Embedded XML in HTML may not render correctly."
 
 

 donald

206 Posts
Dec 16th 2008
Thread locked Subscribe Dec 16th 2008
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!