Internet Explorer URL Display problem

Daniel Bird dbird at SGHMS.AC.UK
Wed Dec 10 21:05:04 GMT 2003


Chris Yuzik wrote:

>>At 20:05 10/12/2003, you wrote:
>>
>>
>
>
>
>>Should
>>
>>uri IE_VULN /%01.*@/
>>score IE_VULN 10.0
>>describe IE_VULN Internet Explorer vulnerability
>>
>>work?
>>
>>
>
>Julian,
>
>Wouldn't this only mark the message as spam? Maybe I'm alone on this, but
>I think that this presents a far more serious threat than just spam. If
>someone opens the spam anyways and sees a message from their bank,
>requesting verification of online banking information, they might be
>tempted to follow the links AND complain to me that this important message
>from their bank was marked as spam.
>
>My thought is that this should fall under the same general area of the
>flowchart as the I-Frame exploits, if possible.
>
>Your thoughts?
>
>
My 2 pennith : IF a rule in SA can catch it (without FP's), it can
simply be scored really high (say 100) and just run the high scoreing
pam actions on it. For us that would be no notifications, nada. I can
see a reason for something simialr to the IFrame stuff if you wanted MS
to do other stuff with it, like rule sets etc, but this you really want
bin.

Dan

>Chris
>
>
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list