Alert: Release of MS02-008 Security Bulletin - MSXML
From: Russ (Russ.Cooper@RC.ON.CA)Date: 02/22/02
- Previous message: Russ: "Alert: Release of MS02-007 Security Bulletin - MS SQL 7.0 and OLE DB providers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Feb 2002 21:12:06 -0500 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS02-008.asp
Affects Windows XP, SQL 2000, and IE 6.0 (regardless of platform).
Vulnerability previously released to Bugtraq (Dec 2001) allows web pages
to use an ActiveX control (XMLHTTP) to send or receive XML data. The
data should have been restricted to remote data sources only, however
due to a flaw in the component it was possible to cause it to send local
data to remote sources.
Microsoft rates this issue as Moderate for Internet/Intranet services,
and Critical for clients.
Cheers,
Russ - NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper
Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Russ: "Alert: Release of MS02-007 Security Bulletin - MS SQL 7.0 and OLE DB providers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
