IE bug not fixed - update

["Brian Taylor" <brian () socnet freeserve co uk>]

Microsoft Baseline security analyser shows a red cross against "MS02-008,
XMLHTTP Control Can Allow Access to Local Files" on both my systems, and
this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp
is working on both my systems despite reapplying the required patch many
times in the past and then installing the latest IE patch that should also
of fixed it.


> The bug shown on the following pages is not fixed
>
> http://online.security.com/bid/3699
>
> I have 2 computers running Win XP Pro & IE6, both systems have all =
> updates installed via the Windows Update including Q323759: August, 2002 =
> Cumulative Patch for Internet Explorer 6 (Windows XP), installed on 23 =
> Aug 02.
>
> Yet the page http://jscript.dk/Jumper/xploit/xmlhttp.asp still allows =
> local file reading on both computers, which was ment to be patched in =
> MS02-008.
>
> If you need any details, computer config, dll versions etc just drop me =
> a mail and I will get you detailed compuer hardware and software info.
> Can you confirm the existance of this bug on your test systems.
>
> Thanks
>     Brian