[Full-Disclosure] MS02-065 vulnerability
From: Paul Szabo (psz@maths.usyd.edu.au)
Date: 11/22/02
- Next message: Gregory Kornblum: "[Full-Disclosure] Jesus is crying."
- Previous message: Alif The Terrible: "[Full-Disclosure] Internet at 1am EST"
- Next in thread: Georgi Guninski: "[Full-Disclosure] MS02-065 vulnerability"
- Reply: Georgi Guninski: "[Full-Disclosure] MS02-065 vulnerability"
- Reply: HggdH: "[Full-Disclosure] MS02-065 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: psz@maths.usyd.edu.au (Paul Szabo) Date: Fri, 22 Nov 2002 21:36:50 +1100 (EST)
Microsoft security bulletin
http://www.microsoft.com/technet/security/bulletin/ms02-065.asp
contains the caveat "a patched system could be made vulnerable again [by]
visit a web site or open an HTML mail". We have a execute-any-code
vulnerability, exploitable by a Web page or email; the patch can be undone
by a Web page or email. Just as exploitable after the patch.
Is this what Microsoft calls "responsible disclosure"?
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
PS: The above applies to IE only; I know that the patch is needed also for
IIS and maybe others. Do not let details get in the way of a good story.
- Next message: Gregory Kornblum: "[Full-Disclosure] Jesus is crying."
- Previous message: Alif The Terrible: "[Full-Disclosure] Internet at 1am EST"
- Next in thread: Georgi Guninski: "[Full-Disclosure] MS02-065 vulnerability"
- Reply: Georgi Guninski: "[Full-Disclosure] MS02-065 vulnerability"
- Reply: HggdH: "[Full-Disclosure] MS02-065 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
