Microsoft Product Security <[EMAIL PROTECTED]> writes:
> Title: Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment
I think the title of the advisory is not appropriate, although it's
correct, technically speaking. It's certainly confusing many people
who're assuming that the problem is related only to HTML e-mail
messages viewed by Internet Explorer, for example, inside Outlook.
These people think there's no need to upgrade because they are using
safe e-mail clients.
Microsoft's advisory does describe the real dangers in the body of the
advisory, but apparently, only few people have read thus far. For
example, German mainstream media are picking up the theme, but only
stress the e-mail aspect of it.
I'm not sure if there's a general lesson to learn, but it seems that
nowadays, many people try to read security advisories, even those who
are not familiar with the architecture of the flawed system. So extra
care is necessary to avoid descriptions which appear ambiguous to the
non-technical reader (or a reader not familiar with the particular
platform).
--
Florian Weimer [EMAIL PROTECTED]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
