funsec mailing list archives
Re: MS 0day
From: Roger Thompson <rog2002 () bellsouth net>
Date: Tue, 07 Nov 2006 09:52:07 -0500
At 09:06 AM 11/7/2006, Dude VanWinkle wrote:
http://secunia.com/advisories/22687/ http://www.microsoft.com/technet/security/advisory/927892.mspx Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker's Web site to be at risk. We will continue to investigate these public reports. ------------------ I cant tell if this is related to the ie_createobject vuln or not..
No... they're different. Roger
-JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MS 0day Dude VanWinkle (Nov 07)
- <Possible follow-ups>
- Re: MS 0day Roger Thompson (Nov 07)
- Re: MS 0day Dude VanWinkle (Nov 07)
- Re: MS 0day Juha-Matti Laurio (Nov 07)