IE bug not fixed - update

From: Brian Taylor (brian@socnet.freeserve.co.uk)
Date: 08/27/02


From: "Brian Taylor" <brian@socnet.freeserve.co.uk>
To: <bugtraq@securityfocus.com>
Date: Mon, 26 Aug 2002 23:57:06 -0700

Microsoft Baseline Security Analyzer shows a red cross against "MS02-008,
XMLHTTP Control Can Allow Access to Local Files" on both my systems, and
this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp
working on both my systems despite reapplying the required patch many
times in the past and then installing the latest IE patch that should also
have fixed it.

> The bug shown on the following pages is not fixed
>
> http://online.security.com/bid/3699
>
> I have 2 computers running Win XP Pro & IE6, both systems have all
> updates installed via the Windows Update including Q323759: August, 2002
> Cumulative Patch for Internet Explorer 6 (Windows XP), installed on 23
> Aug 02.
>
> Yet the page http://jscript.dk/Jumper/xploit/xmlhttp.asp still allows
> local file reading on both computers, which was meant to be patched in
> MS02-008.
>
> If you need any details, computer config, dll versions etc just drop me
> a mail and I will get you detailed computer hardware and software info.
> Can you confirm the existence of this bug on your test systems?
>
> Thanks
> Brian