this bug was announced months ago (like that's a big surprise) . Turns
out MS's patch didn't work quite right, and since the users who ran it
thought they'd fixed the problem, they didn't check and find out. The
ones who didn't are still vulnerable too.
Moof!
tack
On Wed, 19 Sep 2001, Erik Curiel wrote:
>
>
> Wow, check it out, this is a *serious* fuckup on M$'s part---I've never
> seen a security flaw in a browser before that allowed arbitrary code to be
> run simply by hitting a web page with Javascript activated in its configs.
>
>
> >From the CERT page http://www.cert.org/advisories/CA-2001-06.html:
>
> Microsoft Internet Explorer has a vulnerability triggered when
> parsing MIME arts in a document that allows a malicious agent to
> execute arbitrary code. Any user or program that uses vulnerable versions
> of Internet Explorer to render HTML in a document (for example,
> when browsing a filesystem, reading email or news messages, or
> visiting a web page), should immediately upgrade to a
> non-vulnerable version of Internet Explorer.
>
> E
>
>
--
------------------------------------------
1st Amendment: Void where prohibited
http://freesklyarov.org
http://www.anti-dmca.org
