Security Basics mailing list archives

RE: What is your take on the recent IE Problems


From: "Tran, John" <John.Tran () unisys com>
Date: Mon, 1 Dec 2003 12:06:02 -0500

Microsoft say that there will be another patch release early in December to fix these issue. There next date for patch 
release is on December 9th.  This MESON-048 has been giving me problem the first time my company installed it on user 
machine. I advise to wait for the next patch release to installed.

-----Original Message-----
From: Rob McShinsky [mailto:Rob () McShinsky com]
Sent: Monday, December 01, 2003 10:05 AM
To: security-basics () securityfocus com
Cc: focus-virus () securityfocus com
Subject: What is your take on the recent IE Problems


What do  you think are the real realworld possibilities of a problem?

(1) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities

Affected Products:

Internet Explorer 6.0

Possibly Internet Explorer versions 5.01 and 5.5

Description:

Multiple new vulnerabilities have been reported in Internet Explorer which
can be exploited in tandem by a malicious website to execute arbitrary code
and/or access sensitive information on a system running a fully patched
browser (with the latest MS03-048 patch installed).

Technical details and proof-of-concept exploits have been posted.

Status: Vendor has not confirmed, no patch is available.

Council Site Actions:

Due to the late-breaking nature of this problem, we were unable to solicit
input from the council sites.

References:

Postings by Liu Die Yu (discovered the vulnerabilities)
http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/2906.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0309.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0302.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0308.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0305.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0303.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0298.html

http://archives.neohapsis.com/archives/bugtraq/2003-11/0297.html

Secunia Advisory

http://www.secunia.com/advisories/10289/


---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------


Current thread: