RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer

From: Ben Smee (Ben.Smee@optus.net.au)
Date: 11/23/01


Subject: RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer
Date: Fri, 23 Nov 2001 13:02:11 +1100
Message-ID: <EA5B96F925E18B439810718DCBD8286F42F260@NACSVR05.nac.cwo.net.au>
From: "Ben Smee" <Ben.Smee@optus.net.au>
To: "Mariusz Mazur" <mariusz@isn.pl>, <vuln-dev@securityfocus.com>

is it just me or can you not conceive of anyway to protect yourself now
that you do know about the problem?

forewarned is forearmed.

--------------------
Benjamin Smee
Technical Specialist
Optus Business Operations (NAC)
"YES" OPTUS
ben.smee@optus.net.au
Tel: +61-2-93420091
Fax: +61-2-93420998

Perilous to all of us are the devices of an art deeper than we possess
ourselves.
-- Gandalf the White

> -----Original Message-----
> From: Mariusz Mazur [mailto:mariusz@isn.pl]
> Sent: Friday, 23 November 2001 6:10 AM
> To: vuln-dev@securityfocus.com
> Subject: Re: [ALERT] Remote File Execution By Web or Mail:
> Internet Explorer
>
>
> On 2001-11-21 hush.little.baby@hushmail.com wrote the folowyng:
>
> [moderator: since this will probably cause many people to
> start the nda vs full disclosure debate so I guess you won't
> let it trough. So if you don't, it would be nice to give a
> tip to the list.]
>
>
> Ok... So we know that there is a bug... It's a critical one,
> ppl can "turn it off" by editing something in the registry
> and Microsoft is working hard to fix it. Oh... and we know
> that for the next 60 days some people can cause some damage
> to me and I have no way to protect myself.
>
> Is this just me or maybe more people think that releasing
> this "advisory" (though this should be called "intimidator")
> was completely irresponsible and plain stupid?
>
>
> hlbhc> -----BEGIN PGP SIGNED MESSAGE-----
>
> hlbhc> NOMEN NESCIO SECURITY ALERT #9000989 666
>
> hlbhc> Topic: Remote File Execution By Web or Mail: Internet Explorer
>
> hlbhc> Severity: Critical
>
> hlbhc> Datum: 2001-11-21
>
> ---snip---
>
>
>
> --
> Mariusz Mazur
> "One Ring to bring them all and in the darkness bind them"
> rem begin JenniferLopez_Naked.jpg.vbs :)
>
>
>