Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048

From: Jakob Balle (jb_at_SECUNIA.COM)
Date: 11/27/03

Next message: Russ: "Re: Strange SMTP Server behaviour"

Previous message: Kusnierz, Danny: "CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
In reply to: Kusnierz, Danny: "CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Next in thread: Nelson Sousa: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Reply: Nelson Sousa: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Thu, 27 Nov 2003 16:40:48 +0100
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Danny Kusnierz' reference to Secunia Advisory SA9711 is not regarding
the latest vulnerabilities disclosed by Liu Die Yu.

The correct Secunia Advisory about the latest vulnerabilities disclosed
by Liu Die Yu on 25th November is SA10289:
http://secunia.com/advisories/10289/

Kind regards,

Jakob Balle, Secunia

On Wed, 2003-11-26 at 21:24, Kusnierz, Danny wrote:
> There is an EXPLOIT available 11/25/03 using a combination of seven
> new flaws discovered by Liu Die Yu which allows a properly crafted web
> site to download and execute arbitrary code without user intervention
> using Internet Explorer on a fully patched machine. I tried it myself
> after it was reported by Dan Drumm in our Telecom dept. and we're
> currently discussing the necessity of turning off Active Scripting.
> Danny Kusnierz
> Technical Services
> Ball Corporation
>
> Secunia Advisory:
> http://www.secunia.com/advisories/9711
>
> Demo Exploit Code (downloads and runs .exe of fire burning on computer
> screen without user intervention):
> <http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Demo/index.html>
>
> ----
> NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
> code "NT1003" when registering to take the TICSA exam at
> www.2test.com.
> Prove to your employer and peers that you have the knowledge and
> abilities to be an active stakeholder in today's enterprise security.
> Become TICSA certified www.trusecure.com/ticsa. Promotion expires
> 12/31/03 and cannot be used in combination with other offers.
>
> ----
>

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----

Next message: Russ: "Re: Strange SMTP Server behaviour"

Previous message: Kusnierz, Danny: "CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
In reply to: Kusnierz, Danny: "CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Next in thread: Nelson Sousa: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Reply: Nelson Sousa: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]