funsec mailing list archives

Re: MS 0day

From: Roger Thompson <rog2002 () bellsouth net>
Date: Tue, 07 Nov 2006 09:52:07 -0500

At 09:06 AM 11/7/2006, Dude VanWinkle wrote:

http://secunia.com/advisories/22687/
http://www.microsoft.com/technet/security/advisory/927892.mspx
Microsoft is investigating public reports of a vulnerability in the
XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0
on Windows. We are aware of limited attacks that are attempting to use
the reported vulnerability.

Customers who are running Windows Server 2003 and Windows Server 2003
Service Pack 1 in their default configurations, with the Enhanced
Security Configuration turned on, are not affected. Customers would
need to visit an attacker's Web site to be at risk. We will continue
to investigate these public reports.

------------------

I cant tell if this is related to the ie_createobject vuln or not..


No... they're different.

Roger

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

MS 0day Dude VanWinkle (Nov 07)
- <Possible follow-ups>
- Re: MS 0day Roger Thompson (Nov 07)
  - Re: MS 0day Dude VanWinkle (Nov 07)
- Re: MS 0day Juha-Matti Laurio (Nov 07)