RE: Internet Explorer URL parsing vulnerability - fix available

["Robert Ahnemann" <rahnemann () affinity-mortgage com>]

That's the beauty of the net...you don't have to if you don't want to.


<snip>
At least Microsoft is a trusted source
</snip>

That's one of the more debatable things I've heard all day...

Rob Ahnemann
Intranet Application Developer
1401 S. Lamar St.
Dallas, TX 800.270.8565 x 780
 

> -----Original Message-----
> From: Exibar [mailto:exibar () thelair com]
> Sent: Tuesday, December 16, 2003 2:47 PM
> To: Gregory A. Gilliss; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Internet Explorer URL parsing
vulnerability
> - fix available
>
> Agreed.  I also feel that why should a company pay this 3rd party for
a
> patch for a vulnerability that isn't really *huge* like a slammer or
> code-red deal.  I'm sure that Microsoft will patch it, for free.
>    If the source isn't available for the 3rd party's patch, how do we
know
> what it's really doing?  How do we know it isn't a security hazard?
At
> least Microsoft is a trusted source, and did I mention free already?
>
>   If a home user is THAT worried about this vulnerability, they're
already
> aware of what it does and therefore should know better.
>
>   Just wait for Microsoft to release the patch is what I say, FWIW.
>
> Exibar
>
> ----- Original Message -----
> From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
> To: <full-disclosure () lists netsys com>
> Sent: Tuesday, December 16, 2003 2:29 PM
> Subject: Re: [Full-disclosure] Internet Explorer URL parsing
vulnerability
> -
> fix available
>
>
> > Well his post gives me some pause...since this is a "shareware"
product
> > (the poster is out to make some $$$ for themselves) I wonder that it
> doesn't
> > count as a commercial solicitation. Besides that, AFAIK the URL
filter
> > is not available in source code format (for peer review). IN short,
I'd
> > say that this is about as far from "full disclosure" as you can get,
> > albeit that it does appear to address the vulnerability...
> >
> > G
> >
> > On or about 2003.12.16 16:31:54 +0000, Frank Hagenson
> (fulldisclosure () hagenson com) said:
> > > A fix for this vulnerability is available at my website:
> > > http://www.abracadabrasolutions.com/UrlFilter.htm
> > >
> > > Regards,
> > > Frank Hagenson.
> >
> > --
> > Gregory A. Gilliss, CISSP                              E-mail:
> greg () gilliss com
> > Computer Security                             WWW:
> http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4
14
> 0E
> 8C A3
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html