Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Official IFRAME patch - make sure it installs correctly

From: "BillyBob" <billybobknob () hotmail com>
Date: Thu, 2 Dec 2004 09:06:41 -0400
Does anyone know why Microsoft does not have this patch available for XP (no
SP) running IE6 ?
I know this system is vulnerable to the IFRAME exploit as I tested it.

Bill

----- Original Message -----
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
To: <full-disclosure () lists netsys com>; <bugtraq () securityfocus com>
Sent: Wednesday, December 01, 2004 8:49 PM
Subject: [Full-disclosure] Official IFRAME patch - make sure it installs
correctly



The IFRAME vulnerability has been patched, see

http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx


*** Make sure you are patched after installing ***
I installed it using "Automatic Updates" (on Win2ksp4), rebooted and

loaded my InternetExploiter.html: IT STILL WORKED!!

Even though both "Automatic Updates" and

"http://windowsupdate.microsoft.com"; reported that I was patched!?!

I manually downloaded the exe and ran it, rebooted and now I'm finally

truely patched.


It might just have been a glitch on my system, but you might wanna check

anyway: InternetExploiter.html can still be downloaded from my website.


Berend-Jan Wever
<skylined () edup tudelft nl>
http://www.edup.tudelft.nl/~bjwever
SkyLined in #SkyLined on EFNET


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: