Revised: MS03-004
From: Paul Szabo (psz@MATHS.USYD.EDU.AU)
Date: 02/14/03
- Previous message: Ben Reardon: "Re: Symantec AV signature corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 15 Feb 2003 07:30:39 +1100 From: Paul Szabo <psz@MATHS.USYD.EDU.AU> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Found on another mailing list; guess it is of interest to NTBugTraq.
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
---
Title: Cumulative Patch for Internet Explorer (810847)
Released: 5 February 2003
Revised: 12 February 2003(version 2.0)
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Impact: Allow an attacker to execute commands on a user's
system.
Max Risk: Critical
Bulletin: MS03-004
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS03-004.asp
http://www.microsoft.com/security/security_bulletins/ms03-004.asp
----------------------------------------------------------------------
Reason for Revision:
====================
Subsequent to the initial release of this bulletin, a non-security
issue was discovered with this patch that could affect some users -
primarily consumers - under certain conditions. Specifically, the
issue could cause some users to be unable to authenticate to
certain Internet web sites such as subscription based sites, or MSN
e-mail. This issue has been resolved, and a hot fix (813951) issued
to correct it. It is important to note that this hot fix corrects a
very specific non-security issue, and that the security patch
discussed in this Security Bulletin was, and still is, effective in
removing the vulnerabilities discussed later in this bulletin. More
information, including details of how to obtain the hot fix are
available at:
http://www.microsoft.com/windows/ie/downloads/critical/813951/defau
lt.asp and in the Frequently Asked Questions section of this
bulletin.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time
Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com. NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer. Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Next message: NGSSoftware Insight Security Research: "Oracle unauthenticated remote system compromise (#NISR16022003a)"
- Previous message: Ben Reardon: "Re: Symantec AV signature corruption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
