Full Disclosure mailing list archives
Re: MS02-065 vulnerability
From: psz () maths usyd edu au (Paul Szabo)
Date: Sat, 23 Nov 2002 20:34:38 +1100 (EST)
HggdH <hggdh () attbi com> wrote:
> From: "Paul Szabo" <psz () maths usyd edu au>
> [[ MS02-065 is ] Just as exploitable after the patch. ] Quoting: "What steps could I follow to prevent the control from being silently re-introduced onto my system? The simplest way is to make sure you have no trusted publishers, including Microsoft."
The work-arounds suggested by Microsoft probably work. They might even "come clean" and suggest to disable ActiveX, or even go as far as to ask users to "get off" IE (and use Netscape or Mozilla or whatever), or to upgrade to Linux. The fact remains that installing the patch does not protect the (IE) user.
> Is this what Microsoft calls "responsible disclosure"? The real interesting part, for me, is that the trust on the trusting mechanism has been shattered. Finally.
Agreed.
Cheers,
Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html