From: C y b e r T e c h @ L i s t s . E x M a c h i n a . n e t <http://www.cybercafe21.net> & <http://www.cybercafe21.tv>
> -----Original Message-----
> From: Microsoft Product Security Notification Service
> [mailto:[EMAIL PROTECTED]] On behalf of
> Microsoft Product Security
> Sent: Wednesday, 24 October 2001 2:49
> To: [EMAIL PROTECTED]
> Subject: Microsoft Security Bulletin MS01-053
>
>
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ----------------------------------------------------------------------
> Title:      Downloaded Applications Can Execute on Mac IE 5.1 for
>             OS X
> Date:       23 October 2001
> Software:   Internet Explorer 5.1 for Macintosh (r)
> Impact:     Run code of attacker's choice
> Bulletin:   MS01-053
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS01-053.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> The Macintosh OS X Operating System provides built-in support for
> both BinHex and MacBinary file types. These file types allow for the
> efficient transfer of information across networks by allowing
> information to be compressed by the sender and then decompressed by
> the recipient. This capability is particularly useful on the
> Internet, by allowing users to download compressed files.
>
> A vulnerability results because of a flaw in the way Mac OS X and Mac
> IE 5.1 interoperate when BinHex and MacBinary file types are
> downloaded. As a result, an application that is downloaded in either
> of these formats can execute automatically once the download is
> complete.
>
> A user would first have to choose to download a file and allow the
> download to fully complete before the application could execute.
> Also, users can choose to disable the automatic decoding of both
> these file types.
>
> Mitigating Factors:
> ====================
>  - The user would have to choose to download the application before
>    any attempt could be made to exploit the vulnerability. It cannot
>    be exploited without user interaction.
>  - The application would have to successfully download before any
>    attempt could be made to exploit the vulnerability. The user can
>    cancel the download at any time prior to completion.
>  - The vulnerability could not be exploited if automatic decoding of
>    BinHex and MacBinary files has been disabled. This is not a
>    default setting, however.
>
> Patch Availability:
> ===================
>  - A patch is available to fix this vulnerability. Please read the
>    Security Bulletin at
>    http://www.microsoft.com/technet/security/bulletin/ms01-053.asp
>    for information on obtaining this patch.
>
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
> ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
> IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE
> FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
> CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
> MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
> POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
> OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
> THE FOREGOING LIMITATION MAY NOT APPLY.
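Added example, not part of the bulletin or of any Microsoft code: a download-triage check that recognises the two encodings the bulletin names and flags a MacBinary header whose file type is `APPL` (application), so the file can be held rather than decoded automatically. The hold policy, the function names and the sample headers are assumptions constructed for illustration.

```python
import binascii
import struct

BINHEX_BANNER = b"(This file must be converted with BinHex"

def parse_macbinary(blob: bytes):
    """Return MacBinary header fields, or None if blob has no such header."""
    if len(blob) < 128:
        return None
    h = blob[:128]
    name_len = h[1]
    # Bytes 0, 74 and 82 are zero in every MacBinary version; name is 1..63 bytes.
    if h[0] or h[74] or h[82] or not 1 <= name_len <= 63:
        return None
    crc_ok = binascii.crc_hqx(h[:124], 0) == struct.unpack(">H", h[124:126])[0]
    if not crc_ok and h[102:106] != b"mBIN" and any(h[99:128]):
        return None  # not MacBinary II (CRC), III (signature) or I (zero tail)
    data_len, rsrc_len = struct.unpack(">II", h[83:91])
    return {"name": h[2:2 + name_len].decode("mac_roman"),
            "type": h[65:69], "creator": h[69:73],
            "data_len": data_len, "rsrc_len": rsrc_len}

def classify_download(blob: bytes) -> str:
    """Label a download 'binhex', 'macbinary-app', 'macbinary' or 'other'."""
    if BINHEX_BANNER in blob[:1024]:
        return "binhex"  # type code is only visible after decoding
    info = parse_macbinary(blob)
    if info is None:
        return "other"
    return "macbinary-app" if info["type"] == b"APPL" else "macbinary"

def should_hold(blob: bytes) -> bool:
    """Hypothetical policy: hold anything that may unpack to an application."""
    return classify_download(blob) in ("binhex", "macbinary-app")

def sample_header(name: bytes, ftype: bytes) -> bytes:
    """Constructed MacBinary II header for the demo, not a real download."""
    h = bytearray(128)
    h[1] = len(name)
    h[2:2 + len(name)] = name
    h[65:69], h[69:73] = ftype, b"????"
    struct.pack_into(">II", h, 83, 16, 0)      # 16-byte data fork, no resource fork
    h[122], h[123] = 129, 129                  # MacBinary II version bytes
    struct.pack_into(">H", h, 124, binascii.crc_hqx(bytes(h[:124]), 0))
    return bytes(h)

if __name__ == "__main__":
    for ftype in (b"APPL", b"TEXT"):
        blob = sample_header(b"Sample", ftype) + bytes(128)
        print(ftype, classify_download(blob), should_hold(blob))
```

A BinHex file is held unconditionally here because its type code is only readable after decoding, which is the step the bulletin says can be disabled.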
