Vulnerability Development mailing list archives
Re: New IE6 security hole
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Fri, 10 Jun 2005 07:01:06 -0700
And when I forwarded your email to Secure () microsoft com [which is what YOU should have done rather than posting it all over the place] this is what they posted back to me:
- Microsoft is aware of a public report of a vulnerability affecting Internet Explorer. The report indicates that Internet Explorer'sdefault behavior could allow a web page to not display script code when a user attempts to view the source of the page. - Our investigation reveals that the behavior described in the public
report is not a vulnerability in the browser. Instead, this is a well known capability of dynamic html (DHTML) and is a standard feature of most browsers including Internet Explorer.- Microsoft is concerned that some security researchers may not know the appropriate email alias to report security vulnerabilities to the Microsoft Security Response Center. Secure () microsoft com is the public email alias for reporting security vulnerabilities to Microsoft.
- We continue to encourage all security researchers to work with Microsoft on a confidential basis so that we can work together in partnership to help protect Microsoft's customers and not put them at unnecessary risk.- We continue to encourage customers follow our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software. Customers can learn more about these steps at www.microsoft.com/protect.
-------------------------------------------In your contact database... put in secure () microsoft com and next time...use that instead.
Development SeniorenNet wrote:
Hi,I discovered a NEW security hole / exploit in IE6 with SP2 and all the latest security patches.Overview of the exploit: a.. Bug for all Microsoft Internet Explorer usersb.. Can be abused by hackers to run harmful JavaScript code and can be abused to mislead existing protection against harmful JavaScript code, like software from Norton, McAfee,. c.. Can be abused to mislead the search engines Google, MSN, Yahoo, AltaVista,.d.. Unpleasant for JavaScript programmersI searched the net about the bug but found nothing, so I really think it is a NEW bug.All the information about the new bug (info, exploit,.) , see the page http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.phpBest regards, Pascal Vyncke
Current thread:
- New IE6 security hole Development SeniorenNet (Jun 10)
- Re: New IE6 security hole Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Jun 10)