RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer

From: Ben Smee (Ben.Smee@optus.net.au)
Date: 11/23/01


Subject: RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer
Date: Fri, 23 Nov 2001 13:02:11 +1100
Message-ID: <EA5B96F925E18B439810718DCBD8286F42F260@NACSVR05.nac.cwo.net.au>
From: "Ben Smee" <Ben.Smee@optus.net.au>
To: "Mariusz Mazur" <mariusz@isn.pl>, <vuln-dev@securityfocus.com>

is it just me or can you not conceive of anyway to protect yourself now
that you do know about the problem?

forewarned is forearmed.

--------------------
Benjamin Smee
Technical Specialist
Optus Business Operations (NAC)
"YES" OPTUS
ben.smee@optus.net.au
Tel: +61-2-93420091
Fax: +61-2-93420998

Perilous to all of us are the devices of an art deeper than we possess
ourselves.
-- Gandalf the White

> -----Original Message-----
> From: Mariusz Mazur [mailto:mariusz@isn.pl]
> Sent: Friday, 23 November 2001 6:10 AM
> To: vuln-dev@securityfocus.com
> Subject: Re: [ALERT] Remote File Execution By Web or Mail:
> Internet Explorer
>
>
> On 2001-11-21 hush.little.baby@hushmail.com wrote the folowyng:
>
> [moderator: since this will probably cause many people to
> start the nda vs full disclosure debate so I guess you won't
> let it trough. So if you don't, it would be nice to give a
> tip to the list.]
>
>
> Ok... So we know that there is a bug... It's a critical one,
> ppl can "turn it off" by editing something in the registry
> and Microsoft is working hard to fix it. Oh... and we know
> that for the next 60 days some people can cause some damage
> to me and I have no way to protect myself.
>
> Is this just me or maybe more people think that releasing
> this "advisory" (though this should be called "intimidator")
> was completely irresponsible and plain stupid?
>
>
> hlbhc> -----BEGIN PGP SIGNED MESSAGE-----
>
> hlbhc> NOMEN NESCIO SECURITY ALERT #9000989 666
>
> hlbhc> Topic: Remote File Execution By Web or Mail: Internet Explorer
>
> hlbhc> Severity: Critical
>
> hlbhc> Datum: 2001-11-21
>
> ---snip---
>
>
>
> --
> Mariusz Mazur
> "One Ring to bring them all and in the darkness bind them"
> rem begin JenniferLopez_Naked.jpg.vbs :)
>
>
>



Relevant Pages

  • Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer
    ... Subject: [ALERT] Remote File Execution By Web or Mail: Internet Explorer ... hlbhc> Topic: Remote File Execution By Web or Mail: Internet Explorer ...
    (Vuln-Dev)
  • Re: IE not displaying web pages correctly
    ... > entry point was not found.Dll Register server may not be exported, ... >>> How to Troubleshoot Script Errors in Internet Explorer ... >>> Please respond in Newsgroup. ... >>> Protect your PC ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: My home page is not in our control
    ... with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. ... to push unwanted pop-ups, cookies, or auto-installing programs on you. ... Consider purchasing and installing a good internet security program: ... Protect your PC! ...
    (microsoft.public.windowsupdate)
  • Re: Internet Explorer
    ... with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. ... to push unwanted pop-ups, cookies, or auto-installing programs on you. ... Consider purchasing and installing a good internet security program: ... Protect your PC! ...
    (microsoft.public.windowsxp.newusers)
  • Re: Computer wont allow updates to IE or virus Software
    ... with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. ... to push unwanted pop-ups, cookies, or auto-installing programs on you. ... Protect your PC! ...
    (microsoft.public.windowsxp.general)