> -----Original Message-----
> From: Georgi Guninski [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 14:40
> Subject: XML scripting in IE, Outlook Express
[...]
> Background:
> We have some disagreement with Microsoft whether this works on fully
> patched IE 5.x.
> I believe I am running fully patched IE according to the rules for
> patching in
> Microsoft's security bulletins.
> The problem seems to be the version of WSH which is described in
> MS-01-015 at:
> http://www.microsoft.com/technet/security/bulletin/ms01-015.asp
> To check whether you are vulnerable check DEMONSTRATION.
Not vulnerable.:
Windows 2000 Professional SP1 (5.00.2195)
Internet Explorer 5.5 SP1 (5.50.4134.0600)
+ Q290108, Q279328
Windows Scripting Host 5.1
Outlook 2000 + Outlook Security Fix
MS XML Parser 3.0
OTOH, another computer IS vulnerable:
Windows 2000 Professional
Internet Explorer 5.01
Windows Scripting Host 5.1
Outlook 2000
MS XML Parser 3.0
> Workaround: I do not know of workaround but Microsoft claims updating
> WSH solves the issue.
This does not seem to be the case. Also noticed during testing that
after unsuccessfully visiting the demonstration page, IE/OL on occasion
jams for a few seconds.
