Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XML data Island workaround may affect clients wth exchange 2003 outlook web access

J.T. wrote in to tell us there is an issue with the XML Data Island CLSID workaround for the zero day IE vulnerability.

"If the Disable XML Island functionality work around is used, users are
no longer able to send emails with Exchange 2003 Outlook Web Access.
When the user clicks the send button to send the message, the following
alert is displayed: "You do not have permissions to delete this item".
If the user clicks "OK" on the prompt window, the message window is
closed and the message is not sent.
When XML island functionality is re-enabled, the message is delivered as

I assume this implies that outlook webmail requires embedded xml in
html as Microsoft did list this as an impact.
"Impact of workaround: Embedded XML in HTML may not render correctly."


206 Posts
Dec 16th 2008

Sign Up for Free or Log In to start participating in the conversation!