From: Georgi Guninski [mailto:[EMAIL PROTECTED]]
> I continue to believe all versions of IE 5.x are vulnerable.
> [...]
> 3. If you see a message box "This is VBscript" then you are
> vulnerable because this message is produced by active scripting which is
disabled in (1).
Not vulnerable:
NT 4.0 SP6a with these hotfixes:
Q243649 Q246045 Q243835(reissued) Q248183 Q249108 Q259622 Q259728 Q264684
Q266433 Q275567 Q280119 Q296441
and IE 5.5 SP1 with these hotfixes:
VM3802 Q279328 Q283908 Q286045 Q280768(WSH 5.5 second version) Q290108
Q293818
and (for completeness) O2K SR1 with these hotfixes:
Q262767 Q268365 Q269252 Q269880 Q274226 Q282132 Q285978(reissued)
-Francis
