Bugtraq mailing list archives

Re-release of Microsoft Security Bulletin MS99-042

From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Thu, 4 Nov 1999 15:18:30 -0800


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

On October 15, 1999, Microsoft released Security Bulletin MS99-042, which
discussed the availability of a patch that eliminates the "IFRAME
ExecCommand" vulnerability in Microsoft(r) Internet Explorer 4.01 and 5.0.
However, we subsequently determined that the patch contained a regression
error.  While the patch did provide protection against the "IFRAME
ExecCommand" vulnerability, it re-exposed a previously-patched security
vulnerability.  We have corrected the regression error and re-released the
patch.

We have updated the security bulletin and FAQ, and it is available at
http://www.microsoft.com/security/bulletins/ms99-042.asp.  The updated
bulletin contains information on the vulnerability, the regression error,
and the updated patch.  Please note that the regression error only affected
the IE 5.0 version of the patch; the patch for IE 4.01 was unaffected, and
customers who applied it do not need to take any action.

We apologize for any inconvenience caused by this incident, and are working
to improve our process in order to prevent similar incidents in the future.
Regards,

The Microsoft Security Response Team

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please visit http://www.microsoft.com/security/services/bulletin.asp. For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Current thread:

Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alun Jones (Nov 02)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability iarce (Nov 04)
- Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Alberto Soliño (Nov 04)
- Palm Hotsync vulnerable to DoS attack Aviram Jenik (Nov 04)
- RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd) ah1 () SECURITYFOCUS COM (Nov 04)
- Microsoft Security Bulletin (MS99-047) Aleph One (Nov 04)
- Re-release of Microsoft Security Bulletin MS99-042 Aleph One (Nov 04)