Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

What is your take on the recent IE Problems

From: "Rob McShinsky" <Rob () McShinsky com>
Date: Mon, 1 Dec 2003 10:05:10 -0500
What do  you think are the real realworld possibilities of a problem?

(1) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities

Affected Products:

Internet Explorer 6.0

Possibly Internet Explorer versions 5.01 and 5.5

Description:

Multiple new vulnerabilities have been reported in Internet Explorer which
can be exploited in tandem by a malicious website to execute arbitrary code
and/or access sensitive information on a system running a fully patched
browser (with the latest MS03-048 patch installed).

Technical details and proof-of-concept exploits have been posted.

Status: Vendor has not confirmed, no patch is available.

Council Site Actions:

Due to the late-breaking nature of this problem, we were unable to solicit
input from the council sites.

References:

Postings by Liu Die Yu (discovered the vulnerabilities)
http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/2906.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0309.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0302.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0308.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0305.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0303.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0298.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0297.html

Secunia Advisory

http://www.secunia.com/advisories/10289/


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: