XML data Island workaround may affect clients wth exchange 2003 outlook web access

SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

XML data Island workaround may affect clients wth exchange 2003 outlook web access
J.T. wrote in to tell us there is an issue with the XML Data Island CLSID workaround for the zero day IE vulnerability. "If the Disable XML Island functionality work around is used, users are no longer able to send emails with Exchange 2003 Outlook Web Access. When the user clicks the send button to send the message, the following alert is displayed: "You do not have permissions to delete this item". If the user clicks "OK" on the prompt window, the message window is closed and the message is not sent. When XML island functionality is re-enabled, the message is delivered as expected." I assume this implies that outlook webmail requires embedded xml in html as Microsoft did list this as an impact. http://www.microsoft.com/technet/security/advisory/961051.mspx "Impact of workaround: Embedded XML in HTML may not render correctly."	donald 206 Posts ISC Handler
Subscribe	Dec 16th 2008 1 decade ago